X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=doc%2Fverifierstruct.texi;h=b199d72faebc09f42b48488179baf1c8724db75e;hb=f9209136cff0331fc2293f25061971f6c77ff213;hp=3b969dc07ac09f57752f228fcc38216e41473002;hpb=cae1bf7a68f5be04942cdb96f91e5eca44232f5c;p=govpn.git

diff --git a/doc/verifierstruct.texi b/doc/verifierstruct.texi
index 3b969dc..b199d72 100644
--- a/doc/verifierstruct.texi
+++ b/doc/verifierstruct.texi
@@ -3,14 +3,21 @@
 
 Verifier is a derivative of the password. It is resistant to
 dictionary attacks and can not be used for authentication (only
-it's verifying).
+its verifying).
 
 @verbatim
-SOURCE = PBKDF2(SALT=PeerId, PASSWORD, 1<<16, SHA512)
+SOURCE = Balloon(PASSWORD, SALT=PeerId, sCost, tCost, pJobs)
 PUB, PRIV = Ed25519.Generate(SOURCE)
 @end verbatim
 
-Verifier is public key of Ed25519 generated from the PBKDF2 of the
-passphrase in hexadecimal encoding. @code{PeerId} is used as a 128-bit
-salt. Server stores and knows only verifier. Client can compute the
-whole keypair every time he makes handshake.
+Balloon hashing uses BLAKE2b-256 hash. Space cost (sCost), time cost
+(tCost) and number of parallel jobs (pJobs) are specific to Balloon
+implementation.
+
+Verifier is serialized representation of public data above:
+@verbatim
+$balloon$s=s,t=t,p=p$Base64(SALT)$Base64(PUB)
+@end verbatim
+
+Server stores and knows only verifier. Client can compute the whole
+keypair every time he makes handshake.