diff options
| -rw-r--r-- | sys/man/6/authsrv | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/sys/man/6/authsrv b/sys/man/6/authsrv index 96c36cea4..ddff3e90d 100644 --- a/sys/man/6/authsrv +++ b/sys/man/6/authsrv @@ -284,6 +284,10 @@ proving to the client that it also knows .I Kn and therefore .I Ks . +.PP +The 64-bit shared secret +.I Kn +is used as the session secret. .SS "Password authenticated key exchange" Initially, the server and client keys .I Ks @@ -527,7 +531,7 @@ and contributes its random string .IR RNs for the session secret. .PP -The 2048-bit session secret is derived with a PRF hashing the +The 2048-bit session secret is derived with HKDF-SHA256 hashing the concatenated random strings .IR RNc | RNs with the the shared secret key @@ -586,16 +590,16 @@ authentication files and .IR attach (5)). Other services, such as -.IR cpu (1) +.IR cpu (1), +.IR exportfs (4) and -.IR exportfs (4), +.IR tlssrv (8) run .I p9any -over the network and then -use -.I Kn -to derive an +over the network and then use the session secret to derive an .IR ssl (3) +or +.IR tls (3) key to encrypt the rest of their communications. .SS "Password Change Users connect directly to the AS |