To quote: > HMAC_SHA512(key=ecdh_secret|cipher-type,msg="encryption key"). > > K_1 must be the left 32bytes of the HMAC_SHA512 hash. > K_2 must be the right 32bytes of the HMAC_SHA512 hash.
This seems a weak reason to introduce SHA512 to the mix. Can we just make: K_1 = HMAC_SHA256(key=ecdh_secret|cipher-type,msg="header encryption key") K_2 = HMAC_SHA256(key=ecdh_secret|cipher-type,msg="body encryption key") Thanks, Rusty. _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev