From: Loup Vaillant Date: Sun, 10 Dec 2017 20:00:45 +0000 (+0100) Subject: Mentioned the Double Ratchet Algorithm X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=c8e6da2e358c85edbe9ddce40ac631e2a3e3217c;p=Monocypher.git Mentioned the Double Ratchet Algorithm This is better than the half assed explanation about authenticating keys with `crypto_lock` --- diff --git a/doc/man/man3/crypto_key_exchange.3monocypher b/doc/man/man3/crypto_key_exchange.3monocypher index 11d7d9d..3c686dd 100644 --- a/doc/man/man3/crypto_key_exchange.3monocypher +++ b/doc/man/man3/crypto_key_exchange.3monocypher @@ -31,7 +31,6 @@ See .Xr intro 3monocypher for advice about generating random bytes (use the operating system's random number generator). -.Pp .Sh RETURN VALUES Some public keys force the shared key to a known constant. .Fn crypto_key_exchange @@ -77,8 +76,5 @@ uses HChacha20 as well. .Sh SECURITY CONSIDERATIONS If either of the long term secret keys leaks, it may compromise .Em all past messages . -Users who want forward secrecy need to generate temporary public keys, -send them to one another, (use -.Xr crypto_lock 3monocypher -to authenticate them), and compute a shared secret with those -temporary keys. +This can be avoided by using protocols that provide forward secrecy, +such as the Double Ratchet Algorithm. diff --git a/doc/man/man3/crypto_x25519.3monocypher b/doc/man/man3/crypto_x25519.3monocypher index edc6374..d05ee8f 100644 --- a/doc/man/man3/crypto_x25519.3monocypher +++ b/doc/man/man3/crypto_x25519.3monocypher @@ -23,7 +23,7 @@ Do not use it directly as a session key. Hash it with .Xr crypto_chacha20_H 3monocypher or -.Xr crypto_blake2b 3monocypher +.Xr crypto_blake2b 3monocypher first. .Pp .Fn crypto_x25519 
@@ -57,7 +57,8 @@ uint8_t *key_1 = shared_keys; /* Shared key 1 */ uint8_t *key_2 = shared_keys + 32; /* Shared key 2 */ crypto_blake2b(shared_keys, shared_secret, 32); /* Wipe the secret / -crypto_wipe(shared_secret, 32); +crypto_wipe(shared_secret, 32); +.Ed .Sh SEE ALSO .Xr crypto_key_exchange 3monocypher , .Xr intro 3monocypher @@ -66,11 +67,8 @@ This function implements X25519, described in RFC 7748. .Sh SECURITY CONSIDERATIONS If either of the long term secret keys leaks, it may compromise .Em all past messages . -Users who want forward secrecy need to generate temporary public keys, -send them to one another, (use -.Xr crypto_lock 3monocypher -to authenticate them), and compute a shared secret with those -temporary keys. +This can be avoided by using protocols that provide forward secrecy, +such as the Double Ratchet Algorithm. .Sh IMPLEMENTATION DETAILS The most significant bit of the public key is systematically ignored. It is not needed because every public key should be smaller than
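Review bot: In the SECURITY CONSIDERATIONS hunk of crypto_key_exchange.3monocypher (@@ -77,8 +76,5), the new sentence names the Double Ratchet Algorithm but gives the reader nowhere to look it up, and the page does not say whether the library provides it or the caller has to build it. Suggest adding a pointer to the specification (for instance in a STANDARDS or SEE ALSO entry) and one clause stating that such a protocol sits on top of `crypto_key_exchange` and is not part of it.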
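Review bot: In crypto_x25519.3monocypher (@@ -23,7 +23,7), the removed and added `.Xr crypto_blake2b 3monocypher` lines read identically, so this appears to be a whitespace-only change that has nothing to do with the Double Ratchet wording. Suggest moving it to a separate cleanup commit, or at least mentioning the whitespace cleanup in the commit message so the hunk is not mistaken for a content change.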
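Review bot: The `.Ed` added after `crypto_wipe(shared_secret, 32);` in crypto_x25519.3monocypher (@@ -57,7 +57,8) closes the example's display block, which is a rendering fix the commit message does not mention, and the `crypto_wipe` line beside it changes only in whitespace. Suggest noting the markup fix in the message or splitting it out. While in this example, check the context line shown as `/* Wipe the secret /`: as it appears here the comment has no closing `*/`, which would comment out the `crypto_wipe` call for anyone copying the example.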
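Review bot: In the SECURITY CONSIDERATIONS hunk of crypto_x25519.3monocypher (@@ -66,11 +67,8), dropping the removed paragraph also drops the only statement on this page that forward secrecy depends on temporary keys, which is the part a reader of the low-level primitive can act on. The parenthetical about `crypto_lock` was the weak part; suggest keeping one sentence that says forward secrecy requires temporary key pairs whose exchange is authenticated, then referring to the Double Ratchet Algorithm as a protocol that does this. The same replacement text is pasted into both man pages, so any rewording should be applied to both.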