Use Argon2d PHC winner instead of PBKDF2

[govpn.git] / doc / pake.texi

diff --git a/doc/pake.texi b/doc/pake.texi
index 535165e463206d8de7eb3b8720164bffcc936b92..fa8a322c6666a9f132cfacd4564399dad3a4b2fc 100644 (file)
--- a/doc/pake.texi
+++ b/doc/pake.texi
@@ -1,12 +1,12 @@
 @node PAKE
-@section PAKE
+@section Password Authenticated Key Agreement
 
 Previously we used pre-shared high-entropy long-term static key for
 client-server authentication. Is is secure, but not convenient for some
 user use-cases:
 
-@itemize @bullet
-@item Compromising of password files on either server or client side
+@itemize
+@item Compromising of passphrase files on either server or client side
 allows attacker to masquerade himself a client.
 @item To prevent compromising of keys on the client side, one needs some
 kind of passphrase protected secure storage (like either PGP with
@@ -15,7 +15,7 @@ decryption to the memory, or full-disk encryption).
 
 Overall security on the client side is concentrated in passphrase
 (high-entropy password), so it is convenient to use it in GoVPN
-directly, without static on-disk keys. That is why we use password
+directly, without static on-disk keys. That is why we use passphrase
 authenticated key agreement.
 
 We use "passphrase" term instead of "password". Technically there may be
@@ -25,6 +25,6 @@ they are memorable. Because of their quantity, they acts as a high
 entropy source.
 
 Passphrases are entered directly by the human on the client side. Server
-side stores previously shared so-called @ref{Verifier}. Verifier contains
-dictionary attack resistant password derivative. Attacker can not use it
-to act as a client.
+side stores previously shared so-called @ref{Verifier, verifier}. Verifier
+contains dictionary attack resistant password derivative. Attacker can not
+use it to act as a client.