X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/a93aacce200e0d68b614d8bfb05d9cbeba850b12..f56dbbc4f35e303ae79a24be8590ed79a335fd7c:/server/tripe.8.in diff --git a/server/tripe.8.in b/server/tripe.8.in index ebbfc790..854b3a0a 100644 --- a/server/tripe.8.in +++ b/server/tripe.8.in @@ -361,8 +361,13 @@ mode, designed by Bellare, Canetti and Krawczyk). These can all be overridden by setting attributes on your private key, as follows. .TP .B bulk -Names the bulk-crypto transform to use. Currently the only choice is -.BR v0 . +Names the bulk-crypto transform to use. See below. +.TP +.B blkc +Names a block cipher, used by some bulk-crypto transforms (e.g., +.BR iiv ). The default is to use the block cipher underlying the chosen +.BR cipher , +if any. .TP .B cipher Names the symmetric encryption scheme to use. The default is @@ -384,6 +389,26 @@ at half the underlying hash function's output length. A `mask-generation function', used in the key-exchange. The default is .IB hash \-mgf and there's no good reason to change it. +.PP +The available bulk-crypto transforms are as follows. +.TP +.B v0 +Originally this was the only transform available. It's a standard +generic composition of a CPA-secure symmetric encryption scheme with a +MAC; initialization vectors for symmetric encryption are chosen at +random and included explicitly in the cryptogram. +.TP +.B iiv +A newer `implicit-IV' transform. Rather than having an explicit random +IV, the IV is computed from the sequence number using a block cipher. +This has two advantages over the +.B v0 +transform. Firstly, it adds less overhead to encrypted messages +(because the IV no longer needs to be sent explicitly). Secondly, and +more significantly, the transform is entirely deterministic, so (a) it +doesn't need the (possibly slow) random number generator, and (b) it +closes a kleptographic channel, over which a compromised implementation +could leak secret information to a third party. .SS "Using SLIP interfaces" Though not for the faint of heart, it is possible to get .B tripe