diff options
Diffstat (limited to 'rend-spec-v3.txt')
-rw-r--r-- | rend-spec-v3.txt | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index bbe7b91..383b73a 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -216,6 +216,9 @@ Table of contents: * Instantiate MAC(key=k, message=m) with H(k_len | k | m), where k_len is htonll(len(k)). + When we need a particular MAC key length below, we choose + MAC_KEY_LEN=32 (256 bits). + For legacy purposes, we specify compatibility with older versions of the Tor introduction point and rendezvous point protocols. These used RSA1024, DH1024, AES128, and SHA1, as discussed in @@ -1856,6 +1859,11 @@ Table of contents: INTRODUCE2 cell with exactly the same contents to the service, and sends an INTRODUCE_ACK response to the client. + (Note that the introduction point does not "clean up" the + INTRODUCE1 cells that it retransmits. Specifically, it does not + change the order or multiplicity of the extensions sent by the + client.) + The same rules for multiplicity, ordering, and handling unknown types apply to the extension fields here as described [EST_INTRO] above. @@ -2102,7 +2110,8 @@ Table of contents: The hidden service host now also knows the keys generated by the handshake, which it will use to encrypt and authenticate data end-to-end between the client and the server. These keys are as - computed in tor-spec.txt section 5.1.4. + computed in tor-spec.txt section 5.1.4, except that instead of using + AES-128 and SHA1 for this hop, we use AES-256 and SHA3-256. 3.4. Authentication during the introduction phase. [INTRO-AUTH] |