Slight clarifications about hsv3 relay crypto

There was a missing link at one point, and another point where we
should have said what cryptography we were using.

2 files changed, 10 insertions, 1 deletions

diff --git a/spec/rend-spec/encrypting-user-data.md b/spec/rend-spec/encrypting-user-data.md
index 460f71e..fdf1a30 100644
--- a/spec/rend-spec/encrypting-user-data.md
+++ b/spec/rend-spec/encrypting-user-data.md
@@ -10,3 +10,10 @@ Tor relay encryption protocol, applying encryption with these keys
 before other encryption, and decrypting with these keys before other
 decryption. The client encrypts with Kf and decrypts with Kb; the
 service host does the opposite.
+
+As mentioned
+[previously](./introduction-protocol.md#INTRO-HANDSHAKE-REQS),
+these keys are used the same as for
+[regular relay cell encryption](../tor-spec/routing-relay-cells.md),
+except that instead of using AES-128 and SHA1,
+both parties use AES-256 and SHA3-256.
diff --git a/spec/rend-spec/introduction-protocol.md b/spec/rend-spec/introduction-protocol.md
index cb7debf..e605994 100644
--- a/spec/rend-spec/introduction-protocol.md
+++ b/spec/rend-spec/introduction-protocol.md
@@ -721,7 +721,9 @@ HANDSHAKE_INFO element (see \[JOIN_REND\]).
 The hidden service host now also knows the keys generated by the
 handshake, which it will use to encrypt and authenticate data
 end-to-end between the client and the server. These keys are as
-computed in tor-spec.txt section 5.1.4, except that instead of using
+computed with the
+[ntor handshake](../tor-spec/create-created-cells.html#ntor),
+except that instead of using
 AES-128 and SHA1 for this hop, we use AES-256 and SHA3-256.
 
 <a id="rend-spec-v3.txt-3.4"></a>