[docs] Fixed wrong description concerning passphrase #1701
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -867,20 +867,24 @@ For details, see [Packet Filtering & FEC](packet-filtering-and-fec.md). | |
| `SRTO_PASSPHRASE` | 0.0.0 | pre | `string` | | "" |[10..79]| W | GSD | | ||
|
||
Sets the passphrase for encryption. This enables encryption on this party (or | ||
disables it, if an empty passphrase is passed). | ||
disables it, if an empty passphrase is passed). The password must be minimum | ||
10 and maximum 79 characters long. If an empty password is specified (default), | ||
the encryption is disabled. | ||
|
||
The passphrase is the shared secret between the sender and the receiver. It is | ||
used to generate the Key Encrypting Key using [PBKDF2](http://en.wikipedia.org/wiki/PBKDF2) | ||
(Password-Based Key Derivation Function 2). It is used on the receiver only if | ||
the received data is encrypted. | ||
(Password-Based Key Derivation Function 2). | ||
|
||
When a socket with configured passphrase is being connected, the peer must | ||
have the same password set, or otherwise the connection is rejected. This | ||
behavior can be changed by [`SRTO_ENFORCEDENCRYPTION`](#SRTO_ENFORCEDENCRYPTION). | ||
When a socket with configured passphrase is being connected, the peer must |
||
|
||
Note that since the introduction of bidirectional support, there's only one | ||
initial SEK to encrypt the stream (new keys after refreshing will be updated | ||
This is not part of the PR changes but I have been surprised by this 'SEK' popping here. I don't see it defined around while the KEK is written in full word two paragraphs before. Is there a lexicon we can link to?
We may link to the Encryption section of the RFC.
I'd simply replace it with "encryption key". |
||
independently), and there's no distinction between "service party that defines | ||
the password" and "client party that is required to set matching password" - both | ||
parties are equivalent, and in order to have a working encrypted connection, they | ||
have to simply set the same passphrase. Otherwise the connection is rejected by | ||
default (see also [`SRTO_ENFORCEDENCRYPTION`](#SRTO_ENFORCEDENCRYPTION)). | ||
have to simply set the same passphrase. | ||
|
||
[Return to list](#list-of-options) | ||
|
||
|
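Review bot: The added paragraph beginning "When a socket with configured passphrase is being connected" says the rejection behavior "can be changed by" `SRTO_ENFORCEDENCRYPTION` but not what it changes to. A reader relies on this sentence to know whether a passphrase mismatch can still produce a connection, so add a clause stating the outcome when that option is relaxed, or say explicitly that the linked section covers it. Separately, the added sentences alternate between "passphrase" and "password" ("The password must be minimum 10 and maximum 79 characters long", "the same password set"); using "passphrase" throughout would match the option name. The length sentence could also say whether the 10 to 79 limit counts characters or bytes, given the `string` type in the table row.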
@@ -911,7 +915,7 @@ For File mode: Default value is 0 and it's recommended not to be changed. | |
| -------------------- | ----- | ------- | ---------- | ------- | -------- | ------ | --- | ------ | | ||
| `SRTO_PBKEYLEN` | 0.0.0 | pre | `int32_t` | bytes | 0 | * | RW | GSD | | ||
|
||
Sender encryption key length. | ||
Encryption key length. | ||
|
||
Possible values: | ||
|
||
|
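Review bot: The new one-line description "Encryption key length." drops "Sender" but gives neither the unit nor the scope. The table row above it lists the unit as bytes and the default as 0, so something like "Encryption key length, in bytes" would keep the prose and the table consistent. Because the passphrase text in this same change states that both parties are equivalent, it would also help to say here what applies when the two parties set different values, which the visible lines do not cover.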
The sentence "If an empty password is specified (default),
the encryption is disabled." is redundant (see line 870)

Right. How did I overlook it? Will be removed.