diff --git a/www.i2p2/pages/how_cryptography.html b/www.i2p2/pages/how_cryptography.html index 346f12b5..b34d05c7 100644 --- a/www.i2p2/pages/how_cryptography.html +++ b/www.i2p2/pages/how_cryptography.html @@ -67,22 +67,31 @@ Using 2 as the generator.

AES

-We use 256bit AES in CBC mode with PKCS#5 padding for 16 byte blocks (aka each block is end -padded with the number of pad bytes). Specifically, see +We use 256bit AES in CBC mode. +The padding used is specified in IETF RFC-2313 (PKCS#5 1.5, section 8.1 (for block type 02)). +In this case, padding exists of pseudorandomly generated octets to match 16 byte blocks. +Specifically, see [the CBC code] and the Cryptix AES - -[implementation] +[implementation], +as well as the padding, found in the +ElGamalAESEngine.getPadding function.

-For situations where we stream AES data, we still use the same algorithm, as implemented in +Two situations are possible: +

+1. For situations where we stream AES data, we still use the same algorithm, as implemented in [AESOutputStream] [AESInputStream]

-For situations where we know the size of the data to be sent, we AES encrypt the following: +2. For situations where we know the size of the data to be sent, we AES encrypt the following: 

  |_______1_______2_______3_______4_______5_______6_______7_______8
- |H(data)|      size of data (in bytes)  |  data    ...  | rand  |
+ |H(data)
+ |
+ |
+ |                                                               |
+ |    size of data (in bytes)    |  data    ...  | rand  |

After the data comes an application specified number of randomly generated padding bytes, and