Describe the behavior of our HSv3 crypto layers.

These layers use SHA3 instead of SHA1 and AES256 instead of AES128. Their SENDME tags are made with SHA3 too, but they are truncated to 20 bytes. Closes #204.
author: Nick Mathewson <nickm@torproject.org> 2023-06-13 11:15:47 -0400
committer: David Goulet <dgoulet@torproject.org> 2023-06-13 12:13:25 -0400
commit: b345ca044131b2eb18e6ae0d5f23643a92aeff34 (patch)
tree: 90467259827771077dcb4344600b2cfdb8ed93ea /rend-spec-v3.txt
parent: a31defc82d3ebc5809791bbbf7da7259262c70c8 (diff)
download: torspec-b345ca044131b2eb18e6ae0d5f23643a92aeff34.tar.gz
torspec-b345ca044131b2eb18e6ae0d5f23643a92aeff34.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt
index 53880db..062b3d7 100644
--- a/rend-spec-v3.txt
+++ b/rend-spec-v3.txt
@@ -2080,7 +2080,8 @@ Table of contents:
    The hidden service host now also knows the keys generated by the
    handshake, which it will use to encrypt and authenticate data
    end-to-end between the client and the server. These keys are as
-   computed in tor-spec.txt section 5.1.4.
+   computed in tor-spec.txt section 5.1.4, except that instead of using
+   AES-128 and SHA1 for this hop, we use AES-256 and SHA3-256.
 
 3.4. Authentication during the introduction phase. [INTRO-AUTH]
author	Nick Mathewson <nickm@torproject.org>	2023-06-13 11:15:47 -0400
committer	David Goulet <dgoulet@torproject.org>	2023-06-13 12:13:25 -0400
commit	b345ca044131b2eb18e6ae0d5f23643a92aeff34 (patch)
tree	90467259827771077dcb4344600b2cfdb8ed93ea /rend-spec-v3.txt
parent	a31defc82d3ebc5809791bbbf7da7259262c70c8 (diff)
download	torspec-b345ca044131b2eb18e6ae0d5f23643a92aeff34.tar.gz torspec-b345ca044131b2eb18e6ae0d5f23643a92aeff34.zip