commit 73f26437470e4b4b360a484daaa1ce94efad317f Author: Filippo Valsorda hi@filippo.io Date: Fri Nov 17 15:18:57 2017 -0500

rend-spec-v3: document trailing zero byte in BLIND_STRING (A.2.)

The implementation uses sizeof instead of strlen, so the C string NUL byte is hashed. --- rend-spec-v3.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index ef5f940..d595268 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -2160,7 +2160,7 @@ A.2. Tor's key derivation scheme blinding factor like this:

h = H(BLIND_STRING | A | s | B | N) - BLIND_STRING = "Derive temporary signing key" + BLIND_STRING = "Derive temporary signing key" | INT_1(0) N = "key-blind" | INT_8(period-number) | INT_8(period_length)

then clamp the blinding factor 'h' according to the ed25519 spec: