nigori-protocol-00.txt | nigori-protocol-01.txt | |||
---|---|---|---|---|
Draft B. Laurie | Draft B. Laurie | |||
Google Ltd. | Google Ltd. | |||
June 22, 2010 | September 5, 2010 | |||
Nigori: Storing Secrets in the Cloud | Nigori: Storing Secrets in the Cloud | |||
Nigori September 2010 | ||||
Abstract | Abstract | |||
Nigori is a protocol for storing secrets in the cloud such that the | Nigori is a protocol for storing secrets in the cloud such that the | |||
storage need not be trusted and only a single password is required to | storage need not be trusted and only a single password is required to | |||
access secrets. | access secrets. | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
skipping to change at page 3, line 4 | skipping to change at page 3, line 4 | |||
9. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 | 9. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
10. Pre-calculated values for mod_inverse(x, p) . . . . . . . . . 16 | 10. Pre-calculated values for mod_inverse(x, p) . . . . . . . . . 16 | |||
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24 | 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24 | |||
12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25 | 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25 | |||
13. Security Considerations . . . . . . . . . . . . . . . . . . . 26 | 13. Security Considerations . . . . . . . . . . . . . . . . . . . 26 | |||
14. References . . . . . . . . . . . . . . . . . . . . . . . . . . 27 | 14. References . . . . . . . . . . . . . . . . . . . . . . . . . . 27 | |||
14.1. Normative References . . . . . . . . . . . . . . . . . . . 27 | 14.1. Normative References . . . . . . . . . . . . . . . . . . . 27 | |||
14.2. Informative References . . . . . . . . . . . . . . . . . . 27 | 14.2. Informative References . . . . . . . . . . . . . . . . . . 27 | |||
Editorial Comments . . . . . . . . . . . . . . . . . . . . . . . . | Editorial Comments . . . . . . . . . . . . . . . . . . . . . . . . | |||
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 29 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 29 | |||
1. Introduction | 1. Introduction | |||
1.1. Requirements Language | 1.1. Requirements Language | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
document are to be interpreted as described in RFC 2119 [RFC2119]. | document are to be interpreted as described in RFC 2119 [RFC2119]. | |||
1.2. Notation | 1.2. Notation | |||
skipping to change at page 4, line 5 | skipping to change at page 4, line 5 | |||
Enc[k1, k2](P) means the encryption of plaintext P using AES-256 in | Enc[k1, k2](P) means the encryption of plaintext P using AES-256 in | |||
CBC mode with a random IV, standard padding (i.e. n bytes of value n | CBC mode with a random IV, standard padding (i.e. n bytes of value n | |||
s.t. the plaintext is extended to a multiple of 16 bytes, n > 0) and | s.t. the plaintext is extended to a multiple of 16 bytes, n > 0) and | |||
key k1, giving ciphertext C, followed by HMAC(k2, C). | key k1, giving ciphertext C, followed by HMAC(k2, C). | |||
Permute[k1, k2](P) means the encryption of plaintext P using AES-256 | Permute[k1, k2](P) means the encryption of plaintext P using AES-256 | |||
in CBC mode with an all-zero IV, standard padding (i.e. n bytes of | in CBC mode with an all-zero IV, standard padding (i.e. n bytes of | |||
value n s.t. the plaintext is extended to a multiple of 16 bytes, n > | value n s.t. the plaintext is extended to a multiple of 16 bytes, n > | |||
0) and key k1, giving ciphertext C, followed by HMAC(k2, C). | 0) and key k1, giving ciphertext C, followed by HMAC(k2, C). | |||
1.3. Constants | 1.3. Constants | |||
+---------+--------+------------------------------------------------+ | +---------+--------+------------------------------------------------+ | |||
| Name | Value | Notes | | | Name | Value | Notes | | |||
+---------+--------+------------------------------------------------+ | +---------+--------+------------------------------------------------+ | |||
| Nsalt | 1000 | [1] | | | Nsalt | 1000 | [1] | | |||
| | | | | | | | | | |||
| Nuser | Nsalt | [1] | | | Nuser | Nsalt | [1] | | |||
| | + 1 | | | | | + 1 | | | |||
| | | | | | | | | | |||
skipping to change at page 5, line 4 | skipping to change at page 5, line 4 | |||
| Bmac | 16 | encryption MAC key size (Kmac) | | | Bmac | 16 | encryption MAC key size (Kmac) | | |||
| | | | | | | | | | |||
| Bmaster | 16 | size in bytes of Kmaster | | | Bmaster | 16 | size in bytes of Kmaster | | |||
+---------+--------+------------------------------------------------+ | +---------+--------+------------------------------------------------+ | |||
[1] should be at least 1000 and different from other N values - the | [1] should be at least 1000 and different from other N values - the | |||
properties of PBKDF2 then ensure that no key can be derived from any | properties of PBKDF2 then ensure that no key can be derived from any | |||
other key. | other key. | |||
Constants | Constants | |||
2. Key and Salt Derivation | 2. Key and Salt Derivation | |||
Three keys are required for the Nigori protocol | Three keys are required for the Nigori protocol | |||
Kuser: User Authentication Key - this is used to authenticate the | Kuser: User Authentication Key - this is used to authenticate the | |||
user to the Nigori server(s). Note that this is used in a way | user to the Nigori server(s). Note that this is used in a way | |||
which does not give an eavesdropper a dictionary attack against | which does not give an eavesdropper a dictionary attack against | |||
the master password from which it is derived. | the master password from which it is derived. | |||
skipping to change at page 6, line 4 | skipping to change at page 6, line 4 | |||
If the user forgets the password, there is no way to recover the | If the user forgets the password, there is no way to recover the | |||
various keys, unless either the password or the derived keys are | various keys, unless either the password or the derived keys are | |||
escrowed in some way. Such escrow is outside the scope of this | escrowed in some way. Such escrow is outside the scope of this | |||
protocol. | protocol. | |||
2.2. Assisted Password-based Key Derivation | 2.2. Assisted Password-based Key Derivation | |||
In this mode, the user has an account at some server which will | In this mode, the user has an account at some server which will | |||
supply a master encryption key, Kmaster, if the user successfully | supply a master encryption key, Kmaster, if the user successfully | |||
authenticates. How this is done is up to the server, but we | authenticates. How this is done is up to the server, but we | |||
recommend that the server derive it from a hash of the user's | recommend that the server derive it from a hash of the user's | |||
password at the server, Pserver, such as the one used to check the | password at the server, Pserver, such as the one used to check the | |||
password when the user logs in, as follows: | password when the user logs in, as follows: | |||
Kmaster = PBKDF2(H(Pserver), Sserver, Nmaster, Bmaster) | Kmaster = PBKDF2(H(Pserver), Sserver, Nmaster, Bmaster) | |||
where Sserver is a secret known only to the server. This prevents | where Sserver is a secret known only to the server. This prevents | |||
dictionary attacks to try to derive Pserver from Kmaster. If the | dictionary attacks to try to derive Pserver from Kmaster. If the | |||
user forgets his password, the server can still derive Kmaster from | user forgets his password, the server can still derive Kmaster from | |||
the old password hash once the user has recovered his account. | the old password hash once the user has recovered his account. | |||
skipping to change at page 7, line 4 | skipping to change at page 7, line 4 | |||
Kuser = PBKDF2(Pnigori, Suser, Nuser, Buser) | Kuser = PBKDF2(Pnigori, Suser, Nuser, Buser) | |||
Kenc = PBKDF2(Kmaster, Suser, Nenc, Benc) | Kenc = PBKDF2(Kmaster, Suser, Nenc, Benc) | |||
Kmac = PBKDF2(Kmaster, Suser, Nmac, Bmac) | Kmac = PBKDF2(Kmaster, Suser, Nmac, Bmac) | |||
If the user forgets Pnigori or Pserver there is now the possibility | If the user forgets Pnigori or Pserver there is now the possibility | |||
of account recovery using traditional recovery mechanisms. [Note: | of account recovery using traditional recovery mechanisms. [Note: | |||
the client should be able to cache Kmaster so it doesn't always have | the client should be able to cache Kmaster so it doesn't always have | |||
to contact the auth server] | to contact the auth server] | |||
3. Authentication | 3. Authentication | |||
When the user registers at a server, he presents his username (an | When the user registers at a server, he presents his username (an | |||
arbitrary octet string [TBD: max length?]) websafe base64 encoded, | arbitrary octet string [TBD: max length?]) websafe base64 encoded, | |||
and g ^ Kuser mod p. Then to authenticate to the server he presents | and g ^ Kuser mod p. Then to authenticate to the server he presents | |||
his username (u), the server name (ns), the time in seconds since Jan | his username (u), the server name (ns), the time in seconds since Jan | |||
1 1970 (nt) and random string (nr) and a DSA signature using Kuser | 1 1970 (nt) and random string (nr) and a DSA signature using Kuser | |||
over u || ns || nt || nr. At least one of these must be different | over u || ns || nt || nr. At least one of these must be different | |||
every time they are used, in order to defeat replay attacks. | every time they are used, in order to defeat replay attacks. | |||
The server checks that nt is recent (so it can drop old entries from | The server checks that nt is recent (so it can drop old entries from | |||
its replay database), checks that it has not seen u || ns || nt || nr | its replay database), checks that it has not seen u || ns || nt || nr | |||
before, looks up g ^ Kuser for the user u, and verifies the DSA | before, looks up g ^ Kuser for the user u, and verifies the DSA | |||
signature. If all these checks pass, the user is authenticated. | signature. If all these checks pass, the user is authenticated. | |||
4. Storage of Secrets | 4. Storage of Secrets | |||
Secrets are identified by a type and a name. The value of the name | Secrets are identified by a type and a name. The value of the name | |||
depends on the type, as does the value of the stored secret. | depends on the type, as does the value of the stored secret. | |||
Currently defined types are: | Currently defined types are: | |||
Type 1: a password. The name is the URL at which the password is | Type 1: a password. The name is the URL at which the password is | |||
to be presented [Note: simplistic, what should we really do?], the | to be presented [Note: simplistic, what should we really do?], the | |||
value is the password. [Switch this to JSON] | value is the password. [Switch this to JSON] | |||
skipping to change at page 9, line 5 | skipping to change at page 9, line 5 | |||
then we could also allow third parties access to single secrets via | then we could also allow third parties access to single secrets via | |||
protocols such as OAuth. The most general form of this would give an | protocols such as OAuth. The most general form of this would give an | |||
the service provider (SP) the per-secret key and an OAuth token to | the service provider (SP) the per-secret key and an OAuth token to | |||
retrieve the current value of that secret. A general purpose crypto | retrieve the current value of that secret. A general purpose crypto | |||
service could be used which performed encryption, signing etc. on | service could be used which performed encryption, signing etc. on | |||
behalf of less trusted services - in this case, the final SP would | behalf of less trusted services - in this case, the final SP would | |||
have OAuth access to the crypto SP, which in turn would have OAuth | have OAuth access to the crypto SP, which in turn would have OAuth | |||
access to the appropriate secret in Nigori. | access to the appropriate secret in Nigori. | |||
5. Secret Storage at a Single Server | 5. Secret Storage at a Single Server | |||
5.1. Storage | 5.1. Storage | |||
The client sends authentication information as specified above, plus | The client sends authentication information as specified above, plus | |||
the key and value. | the key and value. | |||
5.2. Retrieval | 5.2. Retrieval | |||
The client sends authentication information and the key. The server | The client sends authentication information and the key. The server | |||
returns the value. | returns the value. | |||
6. Secret Storage at Multiple Servers | 6. Secret Storage at Multiple Servers | |||
This looks exactly the same to each server as storage at a single | This looks exactly the same to each server as storage at a single | |||
server would. However, the client takes the value, V, it would store | server would. However, the client takes the value, V, it would store | |||
at a single server and splits it using a Shamir split, with the k | at a single server and splits it using a Shamir split, with the k | |||
value as determined by the user (n is obviously equal to the number | value as determined by the user (n is obviously equal to the number | |||
of servers). Each split is then stored at one of the servers as | of servers). Each split is then stored at one of the servers as | |||
Enc[Kenc,Kmac](i || Si). [anchor16] | Enc[Kenc,Kmac](i || Si). [anchor16] | |||
7. Protocol Details | 7. Protocol Details | |||
All octet strings are transmitted as websafe base64. | All octet strings are transmitted as websafe base64. | |||
[server] is the base URL for the server. All request MUST be | [server] is the base URL for the server. All request MUST be | |||
performed over HTTPS. The client MUST check the certificate (note: | performed over HTTPS. The client MUST check the certificate (note: | |||
"check" may mean "is the same certificate as seen when the user | "check" may mean "is the same certificate as seen when the user | |||
registered at or first visited the server"). | registered at or first visited the server"). | |||
skipping to change at page 12, line 4 | skipping to change at page 12, line 4 | |||
+-----------+---------------+ | +-----------+---------------+ | |||
The server adds the value to the list of values stored for that key. | The server adds the value to the list of values stored for that key. | |||
7.2. Retrieval | 7.2. Retrieval | |||
Retrieval is a GET request to [server]/get Suggest just using | Retrieval is a GET request to [server]/get Suggest just using | |||
"/store" here -- why multiply endpoints without necessity -- assuming | "/store" here -- why multiply endpoints without necessity -- assuming | |||
"store" could be a noun in this context. -John Panzer 3/1/10 1:03 PM | "store" could be a noun in this context. -John Panzer 3/1/10 1:03 PM | |||
with an empty body and parameters as follows | with an empty body and parameters as follows | |||
+-----------+---------------+ | +-----------+---------------+ | |||
| Parameter | Value | | | Parameter | Value | | |||
+-----------+---------------+ | +-----------+---------------+ | |||
| u | user name | | | u | user name | | |||
| | | | | | | | |||
| ns | server name | | | ns | server name | | |||
| | | | | | | | |||
| nt | time | | | nt | time | | |||
| | | | | | | | |||
| nr | random | | | nr | random | | |||
skipping to change at page 13, line 4 | skipping to change at page 13, line 4 | |||
7.3. Responses | 7.3. Responses | |||
200 OK | 200 OK | |||
401 Signature does not verify | 401 Signature does not verify | |||
401 This is a replay | 401 This is a replay | |||
403 Signature verifies but ACL doesn't | 403 Signature verifies but ACL doesn't | |||
8. Algorithms | 8. Algorithms | |||
I'll describe the algorithms in psuedocode here. There are also | I'll describe the algorithms in psuedocode here. There are also | |||
Python implementations available at http://code.google.com/p/nigori/ | Python implementations available at http://code.google.com/p/nigori/ | |||
8.1. Shamir Secret Split | 8.1. Shamir Secret Split | |||
A Shamir secret split takes some secret (a number less than the | A Shamir secret split takes some secret (a number less than the | |||
public parameter, p) and splits it into n components such that any k | public parameter, p) and splits it into n components such that any k | |||
components can be used to retrieve it. The public parameter is the | components can be used to retrieve it. The public parameter is the | |||
same for all implementations and is the 4096 bit verified prime: | same for all implementations and is the 4096 bit verified prime: | |||
Because the secret we want to split is in fact an arbitrary sequence | ||||
of bytes, we need to first encode it into a number. We do this by | ||||
prefixing the byte sequence with a single byte with the value 01 and | ||||
then interpreting the byte sequence as a bigendian number. When | ||||
recovering the secret from the split this 01 byte MUST be checked and | ||||
stripped. | ||||
p = | p = | |||
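Review bot: the new encoding paragraph (a 01 byte prefixed, then read as a big-endian number) never bounds the input length, although the opening sentence of 8.1 requires the secret to be a number less than p. With a 4096 bit p the prefixed byte string can be at most 512 bytes, i.e. 511 bytes of secret, so the text should state that maximum (or say how longer values are split into chunks) and require encoders to reject anything larger. The paragraph also sits between "is the 4096 bit verified prime:" and "p =", separating that sentence from the value it introduces; placing it after the prime, or before "The public parameter is", would read better.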
To split: | To split: | |||
1. Create an array, a, of length k. | 1. Create an array, a, of length k. | |||
2. Set a[0] = secret. | 2. Set a[0] = secret. | |||
3. Set a[1] to a[k-1] to random integers in the range [0,p) (i.e. 0 | 3. Set a[1] to a[k-1] to random integers in the range [0,p) (i.e. 0 | |||
< a[i] < p). Use a cryptographic random number | <= a[i] < p). Use a cryptographic random number | |||
generator.[anchor23] | generator.[anchor23] | |||
4. For i in the range 1 to n inclusive, compute poly(a, i) (see | 4. For i in the range 1 to n inclusive, compute poly(a, i) (see | |||
below), the result is the i'th share. | below), the result is the i'th share. | |||
poly(a, i): | poly(a, i): | |||
1. Set t = 0. | 1. Set t = 0. | |||
2. for j in the range 0 to k-1 inclusive, compute t = (t + a[j] * | 2. for j in the range 0 to k-1 inclusive, compute t = (t + a[j] * | |||
i^j) mod p | i^j) mod p | |||
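Review bot: with step 3 now reading 0 <= a[i] < p, the split steps still put no lower bound on k; for k = 1 the array holds only a[0] = secret, so poly(a, i) evaluates to the secret itself and every share is the secret. State a minimum of k >= 2 (and k <= n) alongside step 1. Separately, "Set a[1] to a[k-1] to random integers" would read more clearly as "Set a[1] through a[k-1] to independent random integers".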
skipping to change at page 15, line 4 | skipping to change at page 15, line 4 | |||
mod_inverse(x, p) is the inverse of x in Zp - that is, x * | mod_inverse(x, p) is the inverse of x in Zp - that is, x * | |||
mod_inverse(x, p) mod p = 1. Note that many implementations require | mod_inverse(x, p) mod p = 1. Note that many implementations require | |||
x to be in the range [1,p) so it may be necessary to calculate | x to be in the range [1,p) so it may be necessary to calculate | |||
mod_inverse((j-i) mod p, p) to avoid an error (note that j-i mod p = | mod_inverse((j-i) mod p, p) to avoid an error (note that j-i mod p = | |||
j-i if j-i >= 0 and = j-i+p if j-i < 0). Also note that since i and | j-i if j-i >= 0 and = j-i+p if j-i < 0). Also note that since i and | |||
j are small and p is fixed, mod_inverse(j-i, p) could be pre- | j are small and p is fixed, mod_inverse(j-i, p) could be pre- | |||
calculated or cached (see below for pre-calculated values). | calculated or cached (see below for pre-calculated values). | |||
[anchor24] | [anchor24] | |||
9. Examples | 9. Examples | |||
10. Pre-calculated values for mod_inverse(x, p) | 10. Pre-calculated values for mod_inverse(x, p) | |||
mod_inverse(-10, p) = | mod_inverse(-10, p) = | |||
skipping to change at page 17, line 4 | skipping to change at page 17, line 4 | |||
mod_inverse(-8, p) = | mod_inverse(-8, p) = | |||
mod_inverse(-7, p) = | mod_inverse(-7, p) = | |||
mod_inverse(-5, p) = | mod_inverse(-5, p) = | |||
mod_inverse(-2, p) = | mod_inverse(-2, p) = | |||
skipping to change at page 20, line 4 | skipping to change at page 20, line 4 | |||
mod_inverse(1, p) = 1 | mod_inverse(1, p) = 1 | |||
mod_inverse(2, p) = | mod_inverse(2, p) = | |||
skipping to change at page 21, line 4 | skipping to change at page 21, line 4 | |||
mod_inverse(5, p) = | mod_inverse(5, p) = | |||
skipping to change at page 22, line 4 | skipping to change at page 22, line 4 | |||
mod_inverse(8, p) = | mod_inverse(8, p) = | |||
skipping to change at page 23, line 4 | skipping to change at page 23, line 4 | |||
mod_inverse(10, p) = | mod_inverse(10, p) = | |||
11. Acknowledgements | 11. Acknowledgements | |||
Thanks to Wan-Teh Chang, Adam Langley and Ian Goldberg (and others | Thanks to Wan-Teh Chang, Adam Langley and Ian Goldberg (and others | |||
who should remind me who they are) for feedback on earlier versions. | who should remind me who they are) for feedback on earlier versions. | |||
12. IANA Considerations | 12. IANA Considerations | |||
This memo includes no request to IANA. | This memo includes no request to IANA. | |||
13. Security Considerations | 13. Security Considerations | |||
The role of the user's password is critical and must therefore be | The role of the user's password is critical and must therefore be | |||
strongly protected. Obvious risks to the password are phishing and | strongly protected. Obvious risks to the password are phishing and | |||
malware. | malware. | |||
If Nigori can achieve its aim of providing storage for all a user's | If Nigori can achieve its aim of providing storage for all a user's | |||
credentials, it is hoped that users can be protected from phishing, | credentials, it is hoped that users can be protected from phishing, | |||
since they should only ever have to use a single password in a single | since they should only ever have to use a single password in a single | |||
context. | context. | |||
skipping to change at page 27, line 5 | skipping to change at page 27, line 5 | |||
Although Nigori only specifies password-based security for the stored | Although Nigori only specifies password-based security for the stored | |||
secrets, this is anticipated to be the base level of security. Some | secrets, this is anticipated to be the base level of security. Some | |||
users and stores may choose to layer other mechanisms on top of, or | users and stores may choose to layer other mechanisms on top of, or | |||
instead of, passwords, such as one-time passwords or keying material | instead of, passwords, such as one-time passwords or keying material | |||
on a hardware device and so forth. | on a hardware device and so forth. | |||
Protection against malware is beyond Nigori's scope, but it is worth | Protection against malware is beyond Nigori's scope, but it is worth | |||
noting that a user with malware on his machine is already completely | noting that a user with malware on his machine is already completely | |||
exposed anyway. | exposed anyway. | |||
14. References | 14. References | |||
14.1. Normative References | 14.1. Normative References | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
14.2. Informative References | 14.2. Informative References | |||
Editorial Comments | Editorial Comments | |||
[anchor4] (Security note: although we'd prefer SHA-256, SHA-1 is | [anchor4] (Security note: although we'd prefer SHA-256, SHA-1 is | |||
not actually broken for this use case, and PBKDF2 does | not actually broken for this use case, and PBKDF2 does | |||
not currently allow any other hash) [PBKDF2 test vectors, | not currently allow any other hash) [PBKDF2 test vectors, | |||
courtesy of wtc: http://www.ietf.org/id/ | courtesy of wtc: http://www.ietf.org/id/ | |||
draft-josefsson-pbkdf2-test-vectors-00.txt | draft-josefsson-pbkdf2-test-vectors-00.txt | |||
http://www.rfc-editor.org/rfc/rfc3962.txt | http://www.rfc-editor.org/rfc/rfc3962.txt | |||
http://www.cryptosys.net/manapi/api_PBE_Kdf2.html] | http://www.cryptosys.net/manapi/api_PBE_Kdf2.html] | |||
skipping to change at page 29, line 4 | skipping to change at page 29, line 4 | |||
exercise for the reader) | exercise for the reader) | |||
[anchor24] [Daniel Bleichenbacher points out: to compute expressions | [anchor24] [Daniel Bleichenbacher points out: to compute expressions | |||
of the form a*b^{-1} mod p, where b is a small integer. | of the form a*b^{-1} mod p, where b is a small integer. | |||
An efficient method to do this is to compute k = | An efficient method to do this is to compute k = | |||
-a*p^{-1} mod b. Then the integer a + kp is divisible by | -a*p^{-1} mod b. Then the integer a + kp is divisible by | |||
b and hence a*b^{-1} == (a+kp)/b (mod p). I.e. this | b and hence a*b^{-1} == (a+kp)/b (mod p). I.e. this | |||
method takes O(log(p)log(b)), rather than O(log(p)^2) for | method takes O(log(p)log(b)), rather than O(log(p)^2) for | |||
the current method. (I have my doubts because of the | the current method. (I have my doubts because of the | |||
cache, but I should test it) ] | cache, but I should test it) ] | |||
Author's Address | Author's Address | |||
Ben Laurie | Ben Laurie | |||
Google Ltd. | Google Ltd. | |||
London, | London, | |||
UK | UK | |||
Email: benl@google.com | Email: benl@google.com | |||
End of changes. 31 change blocks. | ||||
2 lines changed or deleted | 53 lines changed or added | |||
This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |
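
The small-divisor method described in [anchor24], as an added example that is not code from the draft. The names `div_small` and `inverse_table` are hypothetical, and `P` is a constructed stand-in prime, not the draft's p.

```python
# Added example: a * b^{-1} mod p for a small b, using only arithmetic
# modulo b plus one exact division (the method noted in [anchor24]).
from math import gcd

# Constructed stand-in modulus (Mersenne prime 2^127 - 1); this is an
# assumption for the demo and is NOT the prime p defined by the draft.
P = 2**127 - 1


def div_small(a: int, b: int, p: int = P) -> int:
    """Return a * b^{-1} mod p for a small positive b coprime to p."""
    if b <= 0 or gcd(b, p) != 1:
        raise ValueError("b must be positive and coprime to p")
    a %= p
    if b == 1:
        return a
    # k = -a * p^{-1} mod b: every operand is reduced modulo the small b,
    # so no full-size modular inversion modulo p is needed.
    k = (-a * pow(p % b, -1, b)) % b
    # a + k*p is congruent to a modulo p and to 0 modulo b, so b divides it.
    q, r = divmod(a + k * p, b)
    if r != 0:
        raise ArithmeticError("a + k*p is not divisible by b")
    # Already in [0, p): a + k*p < p + (b - 1)*p = b*p.
    return q


def inverse_table(limit: int = 10, p: int = P) -> dict:
    """Rebuild a mod_inverse(x, p) table for x = 1..limit via div_small."""
    return {x: div_small(1, x, p) for x in range(1, limit + 1)}


if __name__ == "__main__":
    # Print the table in hex, in the style of a pre-calculated list.
    for x, inv in inverse_table().items():
        print(f"mod_inverse({x}, p) = {inv:x}")
```
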