Commit 3f2fe39b authored by Ian Goldberg's avatar Ian Goldberg
Browse files

Random exponents in SMP should be 1536 bits

The spec (but not the code) incorrectly said "128 bits" before.
parent b750fc9d
...@@ -1045,9 +1045,9 @@ create a valid type 2 TLV (SMP message 1) as follows: ...@@ -1045,9 +1045,9 @@ create a valid type 2 TLV (SMP message 1) as follows:
<ol> <ol>
<li>Determine her secret input x, which is to be compared to Bob's <li>Determine her secret input x, which is to be compared to Bob's
secret y.</li> secret y.</li>
<li>Pick random values a<sub>2</sub> and a<sub>3</sub> (128 bits). <li>Pick random values a<sub>2</sub> and a<sub>3</sub> (1536 bits).
These will be Alice's exponents for the DH exchange to pick generators.</li> These will be Alice's exponents for the DH exchange to pick generators.</li>
<li>Pick random values r2 and r3 (128 bits). <li>Pick random values r2 and r3 (1536 bits).
These will be used to generate zero-knowledge proofs that this message These will be used to generate zero-knowledge proofs that this message
was created according to the protocol.</li> was created according to the protocol.</li>
<li>Compute g<sub>2a</sub> = g<sub>1</sub><sup>a<sub>2</sub></sup> and <li>Compute g<sub>2a</sub> = g<sub>1</sub><sup>a<sub>2</sub></sup> and
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment