In the examples below, the transport headers are omitted:
For example, for the abridged version of the transport », the client sends
0xefas the first byte (important: only prior to the very first data packet), then the packet length is encoded with a single byte (0x01-0x7e= data length divided by 4; or0x7ffollowed by 3 bytes (little endian) divided by 4) followed by the data itself. In this case, server responses have the same structure (although the server does not send0xefas the first byte).
Detailed documentation on creating authorization keys is available here ».
Sent payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 2C A3 0D 00 0D 0D C3 66
0010 | 14 00 00 00 F1 8E 7E BE AC 7E C6 49 66 2E CF 3C
0020 | F3 BA 99 1B 9D 8D AB D5Payload (de)serialization:
req_pq_multi#be7e8ef1 nonce:int128 = ResPQ;| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
| message_id | 8, 8 | 2CA30D000D0DC366 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| message_length | 16, 4 | 14000000 (20 in decimal) |
Message body length |
| %(req_pq_multi) | 20, 4 | f18e7ebe |
req_pq_multi constructor number from TL schema |
| nonce | 24, 16 | AC7EC649662ECF3CF3BA991B9D8DABD5 |
Random number |
Received payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 01 74 FF E0 0D 0D C3 66
0010 | 90 00 00 00 63 24 16 05 AC 7E C6 49 66 2E CF 3C
0020 | F3 BA 99 1B 9D 8D AB D5 6C 8D 9C F5 77 54 AE 5A
0030 | 5C B3 05 75 9A 60 50 D0 08 1B E3 63 A4 6F 8E DF
0040 | C1 00 00 00 15 C4 B5 1C 03 00 00 00 A5 B7 F7 09
0050 | 35 5F C3 0B 21 6B E8 6C 02 2B B4 C3 85 FD 64 DE
0060 | 85 1D 9D D0Payload (de)serialization:
resPQ#05162463 nonce:int128 server_nonce:int128 pq:string server_public_key_fingerprints:Vector<strlong> = ResPQ;| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
| message_id | 8, 8 | 0174FFE00D0DC366 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| message_length | 16, 4 | 90000000 (144 in decimal) |
Message body length |
| %(resPQ) | 20, 4 | 63241605 |
resPQ constructor number from TL schema |
| nonce | 24, 16 | AC7EC649662ECF3CF3BA991B9D8DABD5 |
Value generated by client in Step 1 |
| server_nonce | 40, 16 | 6C8D9CF57754AE5A5CB305759A6050D0 |
Server-generated random number |
| pq | 56, 12 | 081BE363A46F8EDFC1000000TL byte deserialization => bigendian conversion to decimal => 2009559416634793921 |
Single-byte prefix denoting length, an 8-byte string, and three bytes of padding |
| %(Vector strlong) | 68, 4 | 15c4b51c |
Vector t constructor number from TL schema |
| count | 72, 4 | 03000000 |
Number of elements in server_public_key_fingerprints |
| server_public_key_fingerprints[0] | 76, 8 | A5B7F709355FC30B |
64 lower-order bits of SHA1(server_public_key) |
| server_public_key_fingerprints[1] | 84, 8 | 216BE86C022BB4C3 |
64 lower-order bits of SHA1(server_public_key) |
| server_public_key_fingerprints[2] | 92, 8 | 85FD64DE851D9DD0 |
64 lower-order bits of SHA1(server_public_key) |
In our case, the client only has the following public keys, with the following fingerprints:
85FD64DE851D9DD0Let's choose the only matching key, the one with fingerprint equal to 85FD64DE851D9DD0.
pq = 2009559416634793921Decompose into 2 prime cofactors p < q: 2009559416634793921 = 1090123583 * 1843423487
p = 1090123583
q = 1843423487encrypted_data payload generationFirst of all, generate an encrypted_data payload as follows:
Generated payload (excluding transport headers/trailers):
0000 | 95 5F F5 A9 08 1B E3 63 A4 6F 8E DF C1 00 00 00
0010 | 04 40 F9 F7 3F 00 00 00 04 6D E0 68 FF 00 00 00
0020 | AC 7E C6 49 66 2E CF 3C F3 BA 99 1B 9D 8D AB D5
0030 | 6C 8D 9C F5 77 54 AE 5A 5C B3 05 75 9A 60 50 D0
0040 | DB 3F 7E 5E 2E E1 CF 4C 86 05 74 57 84 5C 5C 5B
0050 | 4F 2A 99 51 F0 38 E4 31 B2 94 33 4E 12 C6 C4 19
0060 | 02 00 00 00Payload (de)serialization:
p_q_inner_data_dc#a9f55f95 pq:string p:string q:string nonce:int128 server_nonce:int128 new_nonce:int256 dc:int = P_Q_inner_data;| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| %(p_q_inner_data_dc) | 0, 4 | 955ff5a9 |
p_q_inner_data_dc constructor number from TL schema |
| pq | 4, 12 | 081BE363A46F8EDFC1000000TL byte deserialization => bigendian conversion to decimal => 2009559416634793921 |
Single-byte prefix denoting length, 8-byte string, and three bytes of padding |
| p | 16, 8 | 0440F9F73F000000TL byte deserialization => bigendian conversion to decimal => 1090123583 |
First prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
| q | 24, 8 | 046DE068FF000000TL byte deserialization => bigendian conversion to decimal => 1843423487 |
Second prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
| nonce | 32, 16 | AC7EC649662ECF3CF3BA991B9D8DABD5 |
Value generated by client in Step 1 |
| server_nonce | 48, 16 | 6C8D9CF57754AE5A5CB305759A6050D0 |
Value received from server in Step 2 |
| new_nonce | 64, 32 | DB3F7E5E2EE1CF4C86057457845C5C5B 4F2A9951F038E431B294334E12C6C419 |
Client-generated random number |
| dc | 96, 4 | 02000000 (2 in decimal) |
DC ID: 10000 (decimal) has to be added to the DC ID to connect to the test servers; it has to be made negative if the DC we're connecting to is a media (not CDN) DC. |
The serialization of P_Q_inner_data produces data, which is used to generate encrypted_data as specified in step 4.1.
These are the inputs to the algorithm specified in step 4.1:
data = 955FF5A9081BE363A46F8EDFC10000000440F9F73F000000046DE068FF000000AC7EC649662ECF3CF3BA991B9D8DABD56C8D9CF57754AE5A5CB305759A6050D0DB3F7E5E2EE1CF4C86057457845C5C5B4F2A9951F038E431B294334E12C6C41902000000
random_padding_bytes = 82EF77A67CA950176B3C8A6AED8C49B22B5B8338E93D9A8077219C1F643736C7ADE8802882B4E6667914AA15469B2AAC5111CA5F9D52D0C5949AAB0B8F9D894DCDA3ECD755440EBBC1A5FD15EB5486870DA7BA006C53D35B1C76B0B4And this is the output:
encrypted_data = C71092A1879498AD33CCAF6BF2F48145F0F624E20B99A8439CFC4D59974ED6299399FE92C80D06DF951CDA757AAB3014EC0B33B7D9B1F9AB6BFF3CFB7284552A27BBC42FBCE1D5D22BB05E9D90F04691F50C990BF4F315D204F1208FCC938C59F04B7F8E612DAA6F65BD768A085D4263F024496447833F731DB4C9960BE5263F98F448C32F8943258C687DC7CD6C3581FD371B2114654F3A5CD92BC032E8C6B644D859D5615712BA528CF8EC73E1B0887E204CA81847304A2FB3C4AAAA8A45C364D6CC6FE070913B7B19C2045BE3426D2CFEC5533A0CA28D5B47D69752D68F740CB1BC9C23CD1559C2054BAF7EB8622C39348A2B95A7D79FD4F8A3901B1501C5The length of the final string is 256 bytes.
encrypted_dataSent payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 94 C9 0E 00 0E 0D C3 66
0010 | 40 01 00 00 BE E4 12 D7 AC 7E C6 49 66 2E CF 3C
0020 | F3 BA 99 1B 9D 8D AB D5 6C 8D 9C F5 77 54 AE 5A
0030 | 5C B3 05 75 9A 60 50 D0 04 40 F9 F7 3F 00 00 00
0040 | 04 6D E0 68 FF 00 00 00 85 FD 64 DE 85 1D 9D D0
0050 | FE 00 01 00 C7 10 92 A1 87 94 98 AD 33 CC AF 6B
0060 | F2 F4 81 45 F0 F6 24 E2 0B 99 A8 43 9C FC 4D 59
0070 | 97 4E D6 29 93 99 FE 92 C8 0D 06 DF 95 1C DA 75
0080 | 7A AB 30 14 EC 0B 33 B7 D9 B1 F9 AB 6B FF 3C FB
0090 | 72 84 55 2A 27 BB C4 2F BC E1 D5 D2 2B B0 5E 9D
00A0 | 90 F0 46 91 F5 0C 99 0B F4 F3 15 D2 04 F1 20 8F
00B0 | CC 93 8C 59 F0 4B 7F 8E 61 2D AA 6F 65 BD 76 8A
00C0 | 08 5D 42 63 F0 24 49 64 47 83 3F 73 1D B4 C9 96
00D0 | 0B E5 26 3F 98 F4 48 C3 2F 89 43 25 8C 68 7D C7
00E0 | CD 6C 35 81 FD 37 1B 21 14 65 4F 3A 5C D9 2B C0
00F0 | 32 E8 C6 B6 44 D8 59 D5 61 57 12 BA 52 8C F8 EC
0100 | 73 E1 B0 88 7E 20 4C A8 18 47 30 4A 2F B3 C4 AA
0110 | AA 8A 45 C3 64 D6 CC 6F E0 70 91 3B 7B 19 C2 04
0120 | 5B E3 42 6D 2C FE C5 53 3A 0C A2 8D 5B 47 D6 97
0130 | 52 D6 8F 74 0C B1 BC 9C 23 CD 15 59 C2 05 4B AF
0140 | 7E B8 62 2C 39 34 8A 2B 95 A7 D7 9F D4 F8 A3 90
0150 | 1B 15 01 C5Payload (de)serialization:
req_DH_params#d712e4be nonce:int128 server_nonce:int128 p:string q:string public_key_fingerprint:long encrypted_data:string = Server_DH_Params;| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
| message_id | 8, 8 | 94C90E000E0DC366 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| message_length | 16, 4 | 40010000 (320 in decimal) |
Message body length |
| %(req_DH_params) | 20, 4 | bee412d7 |
req_DH_params constructor number from TL schema |
| nonce | 24, 16 | AC7EC649662ECF3CF3BA991B9D8DABD5 |
Value generated by client in Step 1 |
| server_nonce | 40, 16 | 6C8D9CF57754AE5A5CB305759A6050D0 |
Value received from server in Step 2 |
| p | 56, 8 | 0440F9F73F000000TL byte deserialization => bigendian conversion to decimal => 1090123583 |
First prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
| q | 64, 8 | 046DE068FF000000TL byte deserialization => bigendian conversion to decimal => 1843423487 |
Second prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
| public_key_fingerprint | 72, 8 | 85FD64DE851D9DD0 |
fingerprint of public key used |
| encrypted_data | 80, 260 | FE000100C71092A1879498AD33CCAF6B F2F48145F0F624E20B99A8439CFC4D59 974ED6299399FE92C80D06DF951CDA75 7AAB3014EC0B33B7D9B1F9AB6BFF3CFB 7284552A27BBC42FBCE1D5D22BB05E9D 90F04691F50C990BF4F315D204F1208F CC938C59F04B7F8E612DAA6F65BD768A 085D4263F024496447833F731DB4C996 0BE5263F98F448C32F8943258C687DC7 CD6C3581FD371B2114654F3A5CD92BC0 32E8C6B644D859D5615712BA528CF8EC 73E1B0887E204CA81847304A2FB3C4AA AA8A45C364D6CC6FE070913B7B19C204 5BE3426D2CFEC5533A0CA28D5B47D697 52D68F740CB1BC9C23CD1559C2054BAF 7EB8622C39348A2B95A7D79FD4F8A3901B1501C5 |
Value generated above |
Received payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 01 3C 42 AF 0E 0D C3 66
0010 | F0 02 00 00 5C 07 E8 D0 AC 7E C6 49 66 2E CF 3C
0020 | F3 BA 99 1B 9D 8D AB D5 6C 8D 9C F5 77 54 AE 5A
0030 | 5C B3 05 75 9A 60 50 D0 FE 50 02 00 28 D0 E4 6D
0040 | 08 A4 80 08 9A 50 37 02 51 A2 2F 16 07 0A 5D 0F
0050 | C7 51 4D BB 6D F2 BE 81 A6 48 9E 9B 53 66 A1 DD
0060 | 30 C4 DD 51 E9 98 54 E0 FA 9A A1 A2 3F 97 F4 A2
0070 | E6 80 59 DF 84 AE C5 5C 3F 81 06 55 51 F3 A0 66
0080 | B1 17 8F 4C F2 82 C6 34 A6 07 87 3F 42 10 87 C0
0090 | 73 99 FE EC 09 07 36 B9 7C 5D 2E FD 71 DB 7D C0
00A0 | B7 2B F3 B6 36 C6 D6 3E 20 FE DE 5D 86 5A 71 8E
00B0 | 85 84 DE 49 9E 8C 94 54 38 03 B4 40 30 54 C8 FE
00C0 | DE C8 1C AF F5 C7 56 6B 65 6B 4D 85 EF 92 7A 7C
00D0 | 06 A3 CF ED 2E 45 19 A6 22 EE 63 D5 FE 5D 51 1F
00E0 | 3A 01 9B 63 FC 11 F9 5B BC E7 FD E9 B0 58 C9 A7
00F0 | 12 02 09 C8 0C 57 38 08 43 59 8B 62 3B 94 FC D7
0100 | 16 96 04 7F 2A E1 07 69 0E 2F CD 61 EB 05 DA 5A
0110 | 6E 0F 13 FA 1E E1 4C 7B E1 E5 5D 47 D0 96 A7 87
0120 | 6F 2E 27 A3 C3 62 44 A9 86 E6 17 D9 1A 36 44 D7
0130 | DE 98 96 8B FD 09 A4 2C EB 3B 66 14 7A 0F C7 76
0140 | 92 2A F1 2D A3 37 7C 8F 33 AA C5 CF C8 75 0C 2F
0150 | 4C F9 89 48 09 EF E9 81 F2 88 63 64 FA 81 C7 59
0160 | 0A 12 24 4D 00 66 B8 62 D4 2D 78 86 5D DE 8F 2C
0170 | 8C 3E 1E ED FA ED 40 1A E2 36 23 D9 19 23 AA CC
0180 | A0 71 EE 9D D6 E3 F8 F6 C4 25 A6 06 AF 0B FE F1
0190 | 75 A5 17 B6 D4 F7 5C 56 BE 51 F6 DC 45 95 D7 45
01A0 | 4D A1 B5 DA D0 5D 59 69 F8 3F E8 DA F2 1C E6 CD
01B0 | 4A 57 95 12 CA FF 5F 58 D9 BC 9A 8E 45 92 95 D1
01C0 | 35 45 DD 4A C9 B8 37 7B 7A EC 68 2C F3 D7 7E FB
01D0 | D4 6B 46 5D 74 40 1F DA C1 7A 6A E4 C3 2F 1A 80
01E0 | 53 23 DC 9B 87 DB 38 21 05 38 E1 5D B5 B9 DE DA
01F0 | 6A 83 92 E0 1C 4C C4 02 27 16 36 FE BE 42 FE 7A
0200 | 2C 81 35 C4 85 A1 A1 04 F4 9B 1F 48 4F B1 8A 80
0210 | C8 C0 97 D3 D0 C2 0A 9B 4D 93 09 86 33 8E 2D F5
0220 | 56 59 CD F5 0C DE 50 E4 5E 05 CA 09 A3 94 8B BE
0230 | 2F 3D 68 E3 EA 5F 3B BF 3E 2E 9F F2 1B B4 5B 18
0240 | AF B4 44 F6 75 41 6C 27 C5 5F 3F 52 DA 11 B6 10
0250 | D6 C0 D7 07 90 1B 5A 39 3F 81 51 80 1A 3E 2E 38
0260 | 75 37 DC 21 DA EF 83 D1 44 1C 47 48 86 60 C0 07
0270 | 5F FE 01 D0 E2 0F 65 57 8F FB 6C F2 B3 98 25 38
0280 | 4B 29 5F BD 83 9B 46 FA 64 16 C0 A4Payload (de)serialization:
server_DH_params_ok#d0e8075c nonce:int128 server_nonce:int128 encrypted_answer:string = Server_DH_Params;| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
| message_id | 8, 8 | 013C42AF0E0DC366 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| message_length | 16, 4 | F0020000 (752 in decimal) |
Message body length |
| %(server_DH_params_ok) | 20, 4 | 5c07e8d0 |
server_DH_params_ok constructor number from TL schema |
| nonce | 24, 16 | AC7EC649662ECF3CF3BA991B9D8DABD5 |
Value generated by client in Step 1 |
| server_nonce | 40, 16 | 6C8D9CF57754AE5A5CB305759A6050D0 |
Value received from server in Step 2 |
| encrypted_answer | 56, 596 | FE50020028D0E46D08A480089A503702 51A22F16070A5D0FC7514DBB6DF2BE81 A6489E9B5366A1DD30C4DD51E99854E0 FA9AA1A23F97F4A2E68059DF84AEC55C 3F81065551F3A066B1178F4CF282C634 A607873F421087C07399FEEC090736B9 7C5D2EFD71DB7DC0B72BF3B636C6D63E 20FEDE5D865A718E8584DE499E8C9454 3803B4403054C8FEDEC81CAFF5C7566B 656B4D85EF927A7C06A3CFED2E4519A6 22EE63D5FE5D511F3A019B63FC11F95B BCE7FDE9B058C9A7120209C80C573808 43598B623B94FCD71696047F2AE10769 0E2FCD61EB05DA5A6E0F13FA1EE14C7B E1E55D47D096A7876F2E27A3C36244A9 86E617D91A3644D7DE98968BFD09A42C EB3B66147A0FC776922AF12DA3377C8F 33AAC5CFC8750C2F4CF9894809EFE981 F2886364FA81C7590A12244D0066B862 D42D78865DDE8F2C8C3E1EEDFAED401A E23623D91923AACCA071EE9DD6E3F8F6 C425A606AF0BFEF175A517B6D4F75C56 BE51F6DC4595D7454DA1B5DAD05D5969 F83FE8DAF21CE6CD4A579512CAFF5F58 D9BC9A8E459295D13545DD4AC9B8377B 7AEC682CF3D77EFBD46B465D74401FDA C17A6AE4C32F1A805323DC9B87DB3821 0538E15DB5B9DEDA6A8392E01C4CC402 271636FEBE42FE7A2C8135C485A1A104 F49B1F484FB18A80C8C097D3D0C20A9B 4D930986338E2DF55659CDF50CDE50E4 5E05CA09A3948BBE2F3D68E3EA5F3BBF 3E2E9FF21BB45B18AFB444F675416C27 C55F3F52DA11B610D6C0D707901B5A39 3F8151801A3E2E387537DC21DAEF83D1 441C47488660C0075FFE01D0E20F6557 8FFB6CF2B39825384B295FBD839B46FA6416C0A4 |
See below |
Decrypt encrypted_answer using the reverse of the process specified in step 6:
encrypted_answer = 28D0E46D08A480089A50370251A22F16070A5D0FC7514DBB6DF2BE81A6489E9B5366A1DD30C4DD51E99854E0FA9AA1A23F97F4A2E68059DF84AEC55C3F81065551F3A066B1178F4CF282C634A607873F421087C07399FEEC090736B97C5D2EFD71DB7DC0B72BF3B636C6D63E20FEDE5D865A718E8584DE499E8C94543803B4403054C8FEDEC81CAFF5C7566B656B4D85EF927A7C06A3CFED2E4519A622EE63D5FE5D511F3A019B63FC11F95BBCE7FDE9B058C9A7120209C80C57380843598B623B94FCD71696047F2AE107690E2FCD61EB05DA5A6E0F13FA1EE14C7BE1E55D47D096A7876F2E27A3C36244A986E617D91A3644D7DE98968BFD09A42CEB3B66147A0FC776922AF12DA3377C8F33AAC5CFC8750C2F4CF9894809EFE981F2886364FA81C7590A12244D0066B862D42D78865DDE8F2C8C3E1EEDFAED401AE23623D91923AACCA071EE9DD6E3F8F6C425A606AF0BFEF175A517B6D4F75C56BE51F6DC4595D7454DA1B5DAD05D5969F83FE8DAF21CE6CD4A579512CAFF5F58D9BC9A8E459295D13545DD4AC9B8377B7AEC682CF3D77EFBD46B465D74401FDAC17A6AE4C32F1A805323DC9B87DB38210538E15DB5B9DEDA6A8392E01C4CC402271636FEBE42FE7A2C8135C485A1A104F49B1F484FB18A80C8C097D3D0C20A9B4D930986338E2DF55659CDF50CDE50E45E05CA09A3948BBE2F3D68E3EA5F3BBF3E2E9FF21BB45B18AFB444F675416C27C55F3F52DA11B610D6C0D707901B5A393F8151801A3E2E387537DC21DAEF83D1441C47488660C0075FFE01D0E20F65578FFB6CF2B39825384B295FBD839B46FA6416C0A4
tmp_aes_key = F9AC244019A3D256B2D0B2A57CCBCB837A05D4A70685F26C926FBAAED69F4148
tmp_aes_iv = 1F5D43DF6BEE2B294A86F4F1DCE4E0A30C97CECB011C15F2E09241A4DB3F7E5EYielding:
answer_with_hash = 581A0BF9CCAD9F42310DD6E06AAB84510994EDCFBA0D89B5AC7EC649662ECF3CF3BA991B9D8DABD56C8D9CF57754AE5A5CB305759A6050D003000000FE000100C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5BFE0001007B42B299039FBDE3A58969368398697AC952271DC43A5438E7782BB65291F69483575A6ED2C3630E9175C7D423174305FF382CE1DED0895A9CEAFA2EE922D6ABF3096665988A10F86D458A967E1328154A8B6DEFA57C0443276AAAAFC9BF7EBEFDFD6B1A512B7A7DA6042C75AD9A1DA99C1B8DA5291E614F942FE51FD4FC134D8C8E4A2020215FD803455E0D1CF12A48B03E77FE29424D184D095B545539183AEAC1C5DA980ADA7EF3BC20493A00BBEAD819933981E9184BED92211B76C02B66DC1A54918634A1AEB3167178B846465FB172CD525C2AC7DEA4C7C342068EECED7240981B353F47601F45B52E83B7AD97D400CF5FD31F810808D8D857EB8924930E0DC36658A349CC05C7B750
answer = BA0D89B5AC7EC649662ECF3CF3BA991B9D8DABD56C8D9CF57754AE5A5CB305759A6050D003000000FE000100C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5BFE0001007B42B299039FBDE3A58969368398697AC952271DC43A5438E7782BB65291F69483575A6ED2C3630E9175C7D423174305FF382CE1DED0895A9CEAFA2EE922D6ABF3096665988A10F86D458A967E1328154A8B6DEFA57C0443276AAAAFC9BF7EBEFDFD6B1A512B7A7DA6042C75AD9A1DA99C1B8DA5291E614F942FE51FD4FC134D8C8E4A2020215FD803455E0D1CF12A48B03E77FE29424D184D095B545539183AEAC1C5DA980ADA7EF3BC20493A00BBEAD819933981E9184BED92211B76C02B66DC1A54918634A1AEB3167178B846465FB172CD525C2AC7DEA4C7C342068EECED7240981B353F47601F45B52E83B7AD97D400CF5FD31F810808D8D857EB8924930E0DC36658A349CC05C7B750Generated payload (excluding transport headers/trailers):
0000 | BA 0D 89 B5 AC 7E C6 49 66 2E CF 3C F3 BA 99 1B
0010 | 9D 8D AB D5 6C 8D 9C F5 77 54 AE 5A 5C B3 05 75
0020 | 9A 60 50 D0 03 00 00 00 FE 00 01 00 C7 1C AE B9
0030 | C6 B1 C9 04 8E 6C 52 2F 70 F1 3F 73 98 0D 40 23
0040 | 8E 3E 21 C1 49 34 D0 37 56 3D 93 0F 48 19 8A 0A
0050 | A7 C1 40 58 22 94 93 D2 25 30 F4 DB FA 33 6F 6E
0060 | 0A C9 25 13 95 43 AE D4 4C CE 7C 37 20 FD 51 F6
0070 | 94 58 70 5A C6 8C D4 FE 6B 6B 13 AB DC 97 46 51
0080 | 29 69 32 84 54 F1 8F AF 8C 59 5F 64 24 77 FE 96
0090 | BB 2A 94 1D 5B CD 1D 4A C8 CC 49 88 07 08 FA 9B
00A0 | 37 8E 3C 4F 3A 90 60 BE E6 7C F9 A4 A4 A6 95 81
00B0 | 10 51 90 7E 16 27 53 B5 6B 0F 6B 41 0D BA 74 D8
00C0 | A8 4B 2A 14 B3 14 4E 0E F1 28 47 54 FD 17 ED 95
00D0 | 0D 59 65 B4 B9 DD 46 58 2D B1 17 8D 16 9C 6B C4
00E0 | 65 B0 D6 FF 9C A3 92 8F EF 5B 9A E4 E4 18 FC 15
00F0 | E8 3E BE A0 F8 7F A9 FF 5E ED 70 05 0D ED 28 49
0100 | F4 7B F9 59 D9 56 85 0C E9 29 85 1F 0D 81 15 F6
0110 | 35 B1 05 EE 2E 4E 15 D0 4B 24 54 BF 6F 4F AD F0
0120 | 34 B1 04 03 11 9C D8 E3 B9 2F CC 5B FE 00 01 00
0130 | 7B 42 B2 99 03 9F BD E3 A5 89 69 36 83 98 69 7A
0140 | C9 52 27 1D C4 3A 54 38 E7 78 2B B6 52 91 F6 94
0150 | 83 57 5A 6E D2 C3 63 0E 91 75 C7 D4 23 17 43 05
0160 | FF 38 2C E1 DE D0 89 5A 9C EA FA 2E E9 22 D6 AB
0170 | F3 09 66 65 98 8A 10 F8 6D 45 8A 96 7E 13 28 15
0180 | 4A 8B 6D EF A5 7C 04 43 27 6A AA AF C9 BF 7E BE
0190 | FD FD 6B 1A 51 2B 7A 7D A6 04 2C 75 AD 9A 1D A9
01A0 | 9C 1B 8D A5 29 1E 61 4F 94 2F E5 1F D4 FC 13 4D
01B0 | 8C 8E 4A 20 20 21 5F D8 03 45 5E 0D 1C F1 2A 48
01C0 | B0 3E 77 FE 29 42 4D 18 4D 09 5B 54 55 39 18 3A
01D0 | EA C1 C5 DA 98 0A DA 7E F3 BC 20 49 3A 00 BB EA
01E0 | D8 19 93 39 81 E9 18 4B ED 92 21 1B 76 C0 2B 66
01F0 | DC 1A 54 91 86 34 A1 AE B3 16 71 78 B8 46 46 5F
0200 | B1 72 CD 52 5C 2A C7 DE A4 C7 C3 42 06 8E EC ED
0210 | 72 40 98 1B 35 3F 47 60 1F 45 B5 2E 83 B7 AD 97
0220 | D4 00 CF 5F D3 1F 81 08 08 D8 D8 57 EB 89 24 93
0230 | 0E 0D C3 66Payload (de)serialization:
server_DH_inner_data#b5890dba nonce:int128 server_nonce:int128 g:int dh_prime:string g_a:string server_time:int = Server_DH_inner_data;| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| %(server_DH_inner_data) | 0, 4 | ba0d89b5 |
server_DH_inner_data constructor number from TL schema |
| nonce | 4, 16 | AC7EC649662ECF3CF3BA991B9D8DABD5 |
Value generated by client in Step 1 |
| server_nonce | 20, 16 | 6C8D9CF57754AE5A5CB305759A6050D0 |
Value received from server in Step 2 |
| g | 36, 4 | 03000000 (3 in decimal) |
Value received from server in Step 2 |
| dh_prime | 40, 260 | FE000100C71CAEB9C6B1C9048E6C522F 70F13F73980D40238E3E21C14934D037 563D930F48198A0AA7C14058229493D2 2530F4DBFA336F6E0AC925139543AED4 4CCE7C3720FD51F69458705AC68CD4FE 6B6B13ABDC9746512969328454F18FAF 8C595F642477FE96BB2A941D5BCD1D4A C8CC49880708FA9B378E3C4F3A9060BE E67CF9A4A4A695811051907E162753B5 6B0F6B410DBA74D8A84B2A14B3144E0E F1284754FD17ED950D5965B4B9DD4658 2DB1178D169C6BC465B0D6FF9CA3928F EF5B9AE4E418FC15E83EBEA0F87FA9FF 5EED70050DED2849F47BF959D956850C E929851F0D8115F635B105EE2E4E15D0 4B2454BF6F4FADF034B10403119CD8E3B92FCC5B |
2048-bit prime, in big-endian byte order, to be checked as specified in the auth key docs |
| g_a | 300, 260 | FE0001007B42B299039FBDE3A5896936 8398697AC952271DC43A5438E7782BB6 5291F69483575A6ED2C3630E9175C7D4 23174305FF382CE1DED0895A9CEAFA2E E922D6ABF3096665988A10F86D458A96 7E1328154A8B6DEFA57C0443276AAAAF C9BF7EBEFDFD6B1A512B7A7DA6042C75 AD9A1DA99C1B8DA5291E614F942FE51F D4FC134D8C8E4A2020215FD803455E0D 1CF12A48B03E77FE29424D184D095B54 5539183AEAC1C5DA980ADA7EF3BC2049 3A00BBEAD819933981E9184BED92211B 76C02B66DC1A54918634A1AEB3167178 B846465FB172CD525C2AC7DEA4C7C342 068EECED7240981B353F47601F45B52E 83B7AD97D400CF5FD31F810808D8D857EB892493 |
g_a diffie-hellman parameter |
| server_time | 560, 4 | 0E0DC366 (1724058894 in decimal) |
Server time |
First, generate a secure random 2048-bit number b:
b = 592CF3A19B9F0EAF00180A82A163D2734BD5B520CD6E7DFAFEACCDB4E64203CCB37CE3D94B45F10AF1D590B9FE8ACEED5FC0390C4B82FCC6E7FB83744382FC1643953D8E7B63AF64EEF000B16EAA8A5B80A8E432A1C23EDA3595E595FFEEB429F54B3CEA2A505B5E4CE9B43CA620FE8BB21079C53900852A26CD29062D22176B711435EBA75E446C8C72CE622E461D9D8C4322E0C2170E825E383B45C88A04E5C1CB33E19A859EB12D81F9AE6A3483A6DD45545F56227EE76841462EE855901E5121C73CAC985F6A21655557AE0ED4659B8F6B383C90F13B98ECF55A9F242EB1B0C5E695B83D1015236DED146C70C4D8C421E8B61F21BBBD8714C6656C06B162Then compute g_b = pow(g, b) mod dh_prime
g_b = 8D1278EB55A89D367A6E59DA3EDE2FB197719FEDB8D0267AE15A609E6E631352A2BAF8C2877AD56010AF1A7C28C58F67C82E7F16360B40519FE75E169930B96F55D677B3F248E01472A76800BC08CE8DAA8919E4902D5E9C5B344AD4D75DFA7500701C0B6E43BCB27DD1038B77DA5BE15E0478C97F71650D656D8788144673597AA665EDDDC485F703AB0A326BCCB8C11D2CB748673D4DD5BD21C279F31F893036930DC74DD564CBC2DE3FB243032979A41CFDB7FD06463F43721E79D0C2FD44F4BE371C7385D48CC71D7A104CF1BB8CC21AC3FC7E64FD647021F77864DD28A617F2386160A7DCD7BA7EA71C1DE7D21B304BEE614B3F24031F70E2CE02368BC7Generated payload (excluding transport headers/trailers):
0000 | 54 B6 43 66 AC 7E C6 49 66 2E CF 3C F3 BA 99 1B
0010 | 9D 8D AB D5 6C 8D 9C F5 77 54 AE 5A 5C B3 05 75
0020 | 9A 60 50 D0 00 00 00 00 00 00 00 00 FE 00 01 00
0030 | 8D 12 78 EB 55 A8 9D 36 7A 6E 59 DA 3E DE 2F B1
0040 | 97 71 9F ED B8 D0 26 7A E1 5A 60 9E 6E 63 13 52
0050 | A2 BA F8 C2 87 7A D5 60 10 AF 1A 7C 28 C5 8F 67
0060 | C8 2E 7F 16 36 0B 40 51 9F E7 5E 16 99 30 B9 6F
0070 | 55 D6 77 B3 F2 48 E0 14 72 A7 68 00 BC 08 CE 8D
0080 | AA 89 19 E4 90 2D 5E 9C 5B 34 4A D4 D7 5D FA 75
0090 | 00 70 1C 0B 6E 43 BC B2 7D D1 03 8B 77 DA 5B E1
00A0 | 5E 04 78 C9 7F 71 65 0D 65 6D 87 88 14 46 73 59
00B0 | 7A A6 65 ED DD C4 85 F7 03 AB 0A 32 6B CC B8 C1
00C0 | 1D 2C B7 48 67 3D 4D D5 BD 21 C2 79 F3 1F 89 30
00D0 | 36 93 0D C7 4D D5 64 CB C2 DE 3F B2 43 03 29 79
00E0 | A4 1C FD B7 FD 06 46 3F 43 72 1E 79 D0 C2 FD 44
00F0 | F4 BE 37 1C 73 85 D4 8C C7 1D 7A 10 4C F1 BB 8C
0100 | C2 1A C3 FC 7E 64 FD 64 70 21 F7 78 64 DD 28 A6
0110 | 17 F2 38 61 60 A7 DC D7 BA 7E A7 1C 1D E7 D2 1B
0120 | 30 4B EE 61 4B 3F 24 03 1F 70 E2 CE 02 36 8B C7Payload (de)serialization:
client_DH_inner_data#6643b654 nonce:int128 server_nonce:int128 retry_id:long g_b:string = Client_DH_Inner_Data;| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| %(client_DH_inner_data) | 0, 4 | 54b64366 |
client_DH_inner_data constructor number from TL schema |
| nonce | 4, 16 | AC7EC649662ECF3CF3BA991B9D8DABD5 |
Value generated by client in Step 1 |
| server_nonce | 20, 16 | 6C8D9CF57754AE5A5CB305759A6050D0 |
Value received from server in Step 2 |
| g_b | 36, 260 | FE0001008D1278EB55A89D367A6E59DA 3EDE2FB197719FEDB8D0267AE15A609E 6E631352A2BAF8C2877AD56010AF1A7C 28C58F67C82E7F16360B40519FE75E16 9930B96F55D677B3F248E01472A76800 BC08CE8DAA8919E4902D5E9C5B344AD4 D75DFA7500701C0B6E43BCB27DD1038B 77DA5BE15E0478C97F71650D656D8788 144673597AA665EDDDC485F703AB0A32 6BCCB8C11D2CB748673D4DD5BD21C279 F31F893036930DC74DD564CBC2DE3FB2 43032979A41CFDB7FD06463F43721E79 D0C2FD44F4BE371C7385D48CC71D7A10 4CF1BB8CC21AC3FC7E64FD647021F778 64DD28A617F2386160A7DCD7BA7EA71C 1DE7D21B304BEE614B3F24031F70E2CE02368BC7 |
Single-byte prefix denoting length, a 256-byte (2048-bit) string, and zero bytes of padding |
| retry_id | 296, 8 | 0000000000000000 |
Equal to zero at the time of the first attempt; otherwise, it is equal to auth_key_aux_hash from the previous failed attempt (see Item 7). |
The serialization of Client_DH_Inner_Data produces a string data. This is used to generate encrypted_data as specified in step 6, using the following inputs:
data = 54B64366AC7EC649662ECF3CF3BA991B9D8DABD56C8D9CF57754AE5A5CB305759A6050D00000000000000000FE0001008D1278EB55A89D367A6E59DA3EDE2FB197719FEDB8D0267AE15A609E6E631352A2BAF8C2877AD56010AF1A7C28C58F67C82E7F16360B40519FE75E169930B96F55D677B3F248E01472A76800BC08CE8DAA8919E4902D5E9C5B344AD4D75DFA7500701C0B6E43BCB27DD1038B77DA5BE15E0478C97F71650D656D8788144673597AA665EDDDC485F703AB0A326BCCB8C11D2CB748673D4DD5BD21C279F31F893036930DC74DD564CBC2DE3FB243032979A41CFDB7FD06463F43721E79D0C2FD44F4BE371C7385D48CC71D7A104CF1BB8CC21AC3FC7E64FD647021F77864DD28A617F2386160A7DCD7BA7EA71C1DE7D21B304BEE614B3F24031F70E2CE02368BC7
padding = FE5409530AA9DA24EA778019
tmp_aes_key = F9AC244019A3D256B2D0B2A57CCBCB837A05D4A70685F26C926FBAAED69F4148
tmp_aes_iv = 1F5D43DF6BEE2B294A86F4F1DCE4E0A30C97CECB011C15F2E09241A4DB3F7E5EProcess:
data_with_hash := SHA1(data) + data + padding (0-15 random bytes such that total length is divisible by 16)
encrypted_data := AES256_ige_encrypt (data_with_hash, tmp_aes_key, tmp_aes_iv);Output:
encrypted_data = 6DB219ECBF7D9D7F82C74ED3A0F94C6B2DD8EFD9D013CE3C83711187BCDFAF7A7D6422CC3563BF797CF49D6B019899E8B0A9F6BFF7343A2F7B257E37C5AF8BBEC9B107A84D17BD11567846C804C25CF1D64A669410EFCF2D6FDCE346ECD3431AFAB0B7C0A4B514CC502B6AA66D3FFFBB240B0926E2747E687910C2BA53CAFAC8F7F678D678896169CBD6178733F069AD85B23CA0A84BF76A52AA470FDA804A1F9FBF34A6C944E419697AE7D2B9A4FD2D28BD44204E66FF5E6E7178669128D68EDE1D03B26020A1E9E2F38780FEA68AEB6297F7A282E164C9BA2DC5317A7541B26F726AB2B13E8192AFCE8A664FCFC71FCD0B6A7F1A829ED70CB7F0126E0E15FCAFE07E103CA90992E00071C996A2257B25FA51EE5F2F97255C15FADCE648D9051C03F0F5F5ABA532CA7A5340E5424E4831B296F361FE4C47ACEC49F0F00E8DA434A5FC4CFAB5D004D9867C9CA9195EC6The length of the final string is 336 bytes.
Sent payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 98 C9 0E 00 0E 0D C3 66
0010 | 78 01 00 00 1F 5F 04 F5 AC 7E C6 49 66 2E CF 3C
0020 | F3 BA 99 1B 9D 8D AB D5 6C 8D 9C F5 77 54 AE 5A
0030 | 5C B3 05 75 9A 60 50 D0 FE 50 01 00 6D B2 19 EC
0040 | BF 7D 9D 7F 82 C7 4E D3 A0 F9 4C 6B 2D D8 EF D9
0050 | D0 13 CE 3C 83 71 11 87 BC DF AF 7A 7D 64 22 CC
0060 | 35 63 BF 79 7C F4 9D 6B 01 98 99 E8 B0 A9 F6 BF
0070 | F7 34 3A 2F 7B 25 7E 37 C5 AF 8B BE C9 B1 07 A8
0080 | 4D 17 BD 11 56 78 46 C8 04 C2 5C F1 D6 4A 66 94
0090 | 10 EF CF 2D 6F DC E3 46 EC D3 43 1A FA B0 B7 C0
00A0 | A4 B5 14 CC 50 2B 6A A6 6D 3F FF BB 24 0B 09 26
00B0 | E2 74 7E 68 79 10 C2 BA 53 CA FA C8 F7 F6 78 D6
00C0 | 78 89 61 69 CB D6 17 87 33 F0 69 AD 85 B2 3C A0
00D0 | A8 4B F7 6A 52 AA 47 0F DA 80 4A 1F 9F BF 34 A6
00E0 | C9 44 E4 19 69 7A E7 D2 B9 A4 FD 2D 28 BD 44 20
00F0 | 4E 66 FF 5E 6E 71 78 66 91 28 D6 8E DE 1D 03 B2
0100 | 60 20 A1 E9 E2 F3 87 80 FE A6 8A EB 62 97 F7 A2
0110 | 82 E1 64 C9 BA 2D C5 31 7A 75 41 B2 6F 72 6A B2
0120 | B1 3E 81 92 AF CE 8A 66 4F CF C7 1F CD 0B 6A 7F
0130 | 1A 82 9E D7 0C B7 F0 12 6E 0E 15 FC AF E0 7E 10
0140 | 3C A9 09 92 E0 00 71 C9 96 A2 25 7B 25 FA 51 EE
0150 | 5F 2F 97 25 5C 15 FA DC E6 48 D9 05 1C 03 F0 F5
0160 | F5 AB A5 32 CA 7A 53 40 E5 42 4E 48 31 B2 96 F3
0170 | 61 FE 4C 47 AC EC 49 F0 F0 0E 8D A4 34 A5 FC 4C
0180 | FA B5 D0 04 D9 86 7C 9C A9 19 5E C6Payload (de)serialization:
set_client_DH_params#f5045f1f nonce:int128 server_nonce:int128 encrypted_data:string = Set_client_DH_params_answer;| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
| message_id | 8, 8 | 98C90E000E0DC366 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| message_length | 16, 4 | 78010000 (376 in decimal) |
Message body length |
| %(set_client_DH_params) | 20, 4 | 1f5f04f5 |
set_client_DH_params constructor number from TL schema |
| nonce | 24, 16 | AC7EC649662ECF3CF3BA991B9D8DABD5 |
Value generated by client in Step 1 |
| server_nonce | 40, 16 | 6C8D9CF57754AE5A5CB305759A6050D0 |
Value received from server in Step 2 |
| encrypted_data | 56, 340 | FE5001006DB219ECBF7D9D7F82C74ED3 A0F94C6B2DD8EFD9D013CE3C83711187 BCDFAF7A7D6422CC3563BF797CF49D6B 019899E8B0A9F6BFF7343A2F7B257E37 C5AF8BBEC9B107A84D17BD11567846C8 04C25CF1D64A669410EFCF2D6FDCE346 ECD3431AFAB0B7C0A4B514CC502B6AA6 6D3FFFBB240B0926E2747E687910C2BA 53CAFAC8F7F678D678896169CBD61787 33F069AD85B23CA0A84BF76A52AA470F DA804A1F9FBF34A6C944E419697AE7D2 B9A4FD2D28BD44204E66FF5E6E717866 9128D68EDE1D03B26020A1E9E2F38780 FEA68AEB6297F7A282E164C9BA2DC531 7A7541B26F726AB2B13E8192AFCE8A66 4FCFC71FCD0B6A7F1A829ED70CB7F012 6E0E15FCAFE07E103CA90992E00071C9 96A2257B25FA51EE5F2F97255C15FADC E648D9051C03F0F5F5ABA532CA7A5340 E5424E4831B296F361FE4C47ACEC49F0 F00E8DA434A5FC4CFAB5D004D9867C9CA9195EC6 |
Encrypted client_DH_inner_data generated previously, serialized as a TL byte string |
The client computes the auth_key using formula g_a^b mod dh_prime:
auth_key = BD19EE3E32B7F2A3B21CE27F251253E106ACFE7401C24BAFC48AFF27D4CE65087D21DA335CC0B0C3E61C9968FFFF1DFDC3B15F976115D216753C1ECE895D93F2C24F5FA5DF76AF1C3BE8FEF67D1A70133BF587A93E823EC2F1F859899F9EDA79E004873F21492438EF308B467B9F872C188AE7ED0EEFEA51861D70497863092E5ECD0A440C1CBDC9C183B861C21E6E176645F001E551F29188E07ED84C6BBE7E3266F151D0F2C0CC00F867F821824BB81DF5C510F8E83AEE99D4A08A24209A69817E9F7DEBE86C1C0102BB27D2CA185D60CD31C283EC0AAC6FE7CC02BE53B92EE051F9FC8CC703184DD92303C0F8D7DB74C2F3BC705FCF33BD02B3A8EB4E6957The server verifies and confirms that auth_key_hash is unique: since it's unique, it replies with the following:
Received payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 01 74 0C 9C 0F 0D C3 66
0010 | 60 00 00 00 34 F7 CB 3B AC 7E C6 49 66 2E CF 3C
0020 | F3 BA 99 1B 9D 8D AB D5 6C 8D 9C F5 77 54 AE 5A
0030 | 5C B3 05 75 9A 60 50 D0 A1 20 67 1F 5B 7A 78 E9
0040 | DB D0 18 6D 6D B6 73 54Payload (de)serialization:
dh_gen_ok#3bcbf734 nonce:int128 server_nonce:int128 new_nonce_hash1:int128 = Set_client_DH_params_answer;| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
| message_id | 8, 8 | 01740C9C0F0DC366 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| message_length | 16, 4 | 60000000 (96 in decimal) |
Message body length |
| %(dh_gen_ok) | 20, 4 | 34f7cb3b |
dh_gen_ok constructor number from TL schema |
| nonce | 24, 16 | AC7EC649662ECF3CF3BA991B9D8DABD5 |
Value generated by client in Step 1 |
| server_nonce | 40, 16 | 6C8D9CF57754AE5A5CB305759A6050D0 |
Value received from server in Step 2 |
| new_nonce_hash1 | 56, 16 | A120671F5B7A78E9DBD0186D6DB67354 |
The 128 lower-order bits of SHA1 of the byte string derived from the new_nonce string by adding a single byte with the value of 1, 2, or 3, and followed by another 8 bytes with auth_key_aux_hash. Different values are required to prevent an intruder from changing server response dh_gen_ok into dh_gen_retry. |