Updated Notes on encryption (markdown)

2025-01-31 12:19:34 +08:00 · 2020-08-17 18:09:55 -04:00 · 2020-08-17 18:09:55 -04:00 · 95cc0e6376
commit 95cc0e6376
parent f98b0973f8
1 changed files with 9 additions and 1 deletions
--- a/Notes-on-encryption.md
+++ b/Notes-on-encryption.md
@ -14,7 +14,15 @@ Existing security mechanisms usualy only cares about the secuirty of your data,

 In udp2raw, not only the data but also udp2raw protocol itself will be obsecured by encryption. The network traffics of udp2raw will look like a bunch of random junks and reduce the possibility of being detected by DPI.

-
+### about the implementation of udp2raw's encryption
+
+When `md5` and `aes` are used, udp2raw use the hash-then-encrpy scheme, encrpyted hash is served as mac. The security is less than using hmac, but the md5 option is kept for compatiblity.
+
+When `hmac-sha1` and `aes` are used, first udp2raw will use PKCS5_PBKDF2 for key strenghing and HKDF for key deriving, then use a encrypt-then-mac scheme.
+
+To prevent replay a whole connection, udp2raw client and server will challenge each other with random numbers.
+
+To prevent replay the packets inside a connection,  udp2raw packages are sequenced and an anti-replay-widnows is used to filter duplicated packets.