search

keybase / triplesec

Triple Security for the browser and Node.js
https://keybase.io/triplesec
MIT License
399 stars 48 forks source link

Confusing text on the about page #45

Closed SparkDustJoe closed 5 years ago

SparkDustJoe commented 9 years ago

"The TripleSec library encrypts data in four steps:

Key derivation. Given a user-provided password, and a random salt value, generate four separate secret keys, one for each cipher (see Step 3), and two final keys for signing the ciphertext (see Step 4). This "key stretching" is done via standard scrypt, with parameters N=215, r=8, p=1, and output length of 192 bytes. The output of this step is five separate keys, used below. "

Shouldn't that be "...three separate keys, one for each cipher..." ?

gburtini commented 7 years ago

Fixed in #54.

gburtini commented 7 years ago

@maxtaco to be closed, probably.

SparkDustJoe commented 7 years ago

Yeah, the change has been committed to GitHub but not published to the site yet, I'm sure Max has a lot on his plate. Either he or I can close this once it goes live to the site.

SparkDustJoe commented 5 years ago

Confirmed this was still incorrect on the website

maxtaco commented 5 years ago

cc @heronhaye, can you check it out?

heronhaye commented 5 years ago

Should be fixed on keybase.io/triplesec. Note that we released a new version as well.

SparkDustJoe commented 5 years ago

The original issue was fixed. Another typo snuck in:

Initial value (IV) generation. A random number generator is queried to produce an initial for each of the three ciphers: a 192-bit IV for Salsa20; and a 128-bit IV for AES. In versions 3 and prior, a 128-bit IV is generated for Twofish in between the generations for Salsa20 and AES.

Should be "each of the two ciphers:", or "for both ciphers:". And I think a word was dropped. "initial vector for each of"

heronhaye commented 5 years ago

Fixed. Thanks!