This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/tooling-docs.git
The following commit(s) were added to refs/heads/asf-site by this push:
new f86f301 Commit build products
f86f301 is described below
commit f86f301c2de76839f208f9a05f6aae979fe0e385
Author: Build Pelican (action) <[email protected]>
AuthorDate: Fri Apr 3 15:02:52 2026 +0000
Commit build products
---
output/_pagefind/fragment/en_3124d14.pf_fragment | Bin 0 -> 9993 bytes
output/_pagefind/index/en_12a154f.pf_index | Bin 0 -> 9586 bytes
output/_pagefind/index/en_69949a8.pf_index | Bin 0 -> 41365 bytes
output/_pagefind/index/en_cbfb155.pf_index | Bin 33244 -> 0 bytes
output/_pagefind/pagefind-entry.json | 2 +-
output/_pagefind/pagefind.en_122b31ec5e.pf_meta | Bin 189 -> 0 bytes
output/_pagefind/pagefind.en_6a334e3e8d.pf_meta | Bin 0 -> 217 bytes
output/noisy-secrets.html | 662 +++++++++++++++++++++++
8 files changed, 663 insertions(+), 1 deletion(-)
diff --git a/output/_pagefind/fragment/en_3124d14.pf_fragment
b/output/_pagefind/fragment/en_3124d14.pf_fragment
new file mode 100644
index 0000000..cd8e65f
Binary files /dev/null and b/output/_pagefind/fragment/en_3124d14.pf_fragment
differ
diff --git a/output/_pagefind/index/en_12a154f.pf_index
b/output/_pagefind/index/en_12a154f.pf_index
new file mode 100644
index 0000000..44e1974
Binary files /dev/null and b/output/_pagefind/index/en_12a154f.pf_index differ
diff --git a/output/_pagefind/index/en_69949a8.pf_index
b/output/_pagefind/index/en_69949a8.pf_index
new file mode 100644
index 0000000..958a232
Binary files /dev/null and b/output/_pagefind/index/en_69949a8.pf_index differ
diff --git a/output/_pagefind/index/en_cbfb155.pf_index
b/output/_pagefind/index/en_cbfb155.pf_index
deleted file mode 100644
index dd995ff..0000000
Binary files a/output/_pagefind/index/en_cbfb155.pf_index and /dev/null differ
diff --git a/output/_pagefind/pagefind-entry.json
b/output/_pagefind/pagefind-entry.json
index cc0d206..a73f8b7 100644
--- a/output/_pagefind/pagefind-entry.json
+++ b/output/_pagefind/pagefind-entry.json
@@ -1 +1 @@
-{"version":"1.0.4","languages":{"en":{"hash":"en_122b31ec5e","wasm":"en","page_count":13}}}
\ No newline at end of file
+{"version":"1.0.4","languages":{"en":{"hash":"en_6a334e3e8d","wasm":"en","page_count":14}}}
\ No newline at end of file
diff --git a/output/_pagefind/pagefind.en_122b31ec5e.pf_meta
b/output/_pagefind/pagefind.en_122b31ec5e.pf_meta
deleted file mode 100644
index 9ca759f..0000000
Binary files a/output/_pagefind/pagefind.en_122b31ec5e.pf_meta and /dev/null
differ
diff --git a/output/_pagefind/pagefind.en_6a334e3e8d.pf_meta
b/output/_pagefind/pagefind.en_6a334e3e8d.pf_meta
new file mode 100644
index 0000000..b98ec6a
Binary files /dev/null and b/output/_pagefind/pagefind.en_6a334e3e8d.pf_meta
differ
diff --git a/output/noisy-secrets.html b/output/noisy-secrets.html
new file mode 100644
index 0000000..8ea7d49
--- /dev/null
+++ b/output/noisy-secrets.html
@@ -0,0 +1,662 @@
+<!doctype html>
+<html class="no-js" lang="en" dir="ltr">
+ <head>
+ <meta charset="utf-8">
+ <meta http-equiv="x-ua-compatible" content="ie=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ <title>Noisy Secrets - ASF Tooling Website</title>
+<link rel="shortcut icon" href="https://apache.org/favicons/favicon.ico">
+<link href="/css/bootstrap.min.css" rel="stylesheet">
+<link href="/css/fontawesome.all.min.css" rel="stylesheet">
+<link href="/css/headerlink.css" rel="stylesheet">
+<link href="/css/app.css" rel="stylesheet">
+<link href="/highlight/github.min.css" rel="stylesheet">
+<script src="/highlight/highlight.min.js"></script>
+<script src="/js/mermaid.min.js"></script>
+<!-- pagefind search -->
+<link href="/_pagefind/pagefind-ui.css" rel="stylesheet">
+<script src="/_pagefind/pagefind-ui.js"></script>
+<script>
+ window.addEventListener('DOMContentLoaded', (event) => {
+ new PagefindUI({ element: "#pagefind-search" });
+ });
+ var pageTitle = '';
+ if(pageTitle === '404'){
+ window.addEventListener('DOMContentLoaded', (event) => {
+ new PagefindUI({ element: "#page-404-search" });
+ });
+ }
+</script>
+<script>
+ mermaid.initialize({
+ startOnLoad: true,
+ theme: "default"
+ });
+</script>
+<!-- pagefind search box styling -->
+<style>
+ body {
+ padding-top: 44px;
+ }
+ .search-form {
+ right: 0;
+ left: initial !important;
+ min-width: 25vw;
+ max-width: 90vw;
+ max-height: calc(95vh - 100px);
+ overflow: auto;
+ margin-top: 5px;
+ }
+ .mermaid {
+ margin: 1.2em 0;
+ padding: 1em;
+ background: #fff;
+ border: 1px solid #d0d7de;
+ border-radius: 6px;
+ }
+</style> </head>
+ <body class="d-flex flex-column h-100">
+<!-- nav bar -->
+<nav class="navbar navbar-expand-md navbar-light bg-info-light fixed-top"
aria-label="Tooling Initiative Navigation">
+ <div class="container-fluid">
+ <a class="navbar-brand" href="/">
+ <img src="https://apache.org/img/asf_logo.png" alt="The Apache Software
Foundation" style="height: 42px; margin-left: 6px;">
+ <span style="font-weight: bold; position: relative; top: 5px;
margin-left: 10px;">Tooling Initiative</span>
+ </a>
+ <button class="navbar-toggler" type="button" data-bs-toggle="collapse"
data-bs-target="#navbarADP" aria-controls="navbarADP" aria-expanded="false"
aria-label="Toggle navigation">
+ <span class="navbar-toggler-icon"></span>
+ </button>
+ <div class="collapse navbar-collapse" id="navbarADP" style="position:
relative; top: 4px; margin-left: 16px;">
+ <ul class="navbar-nav me-auto">
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#"
data-bs-toggle="dropdown" aria-expanded="false">About</a>
+ <ul class="dropdown-menu">
+ <!--<li><a class="dropdown-item" href="/blog/">Tooling
Blog</a></li>-->
+ <li><a class="dropdown-item" href="/team.html">About the
team</a></li>
+ <li><a class="dropdown-item" href="/volunteer.html">Volunteer with
Tooling</a></li>
+ <!--<li><a class="dropdown-item" href="/job-posting.html">Job
Posting</a></li>-->
+ <li><hr class="dropdown-divider"></li>
+ <li><a class="dropdown-item" href="/trusted-releases.html">Trusted
Releases</a></li>
+ <li><a class="dropdown-item" href="/supply-chain.html">Supply
Chain Attacks FAQ</a></li>
+ <li><a class="dropdown-item"
href="/policies.html">Policies</a></li>
+ </ul>
+ </li>
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#"
data-bs-toggle="dropdown" aria-expanded="false">Tools</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item"
href="https://release-test.apache.org/">Trusted Releases Alpha</a></li>
+ <li><a class="dropdown-item"
href="https://agenda.apache.org">Board Agenda Tool</a></li>
+ </ul>
+ </li>
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#"
data-bs-toggle="dropdown" aria-expanded="false">Source</a>
+ <ul class="dropdown-menu">
+ <li><a class="dropdown-item"
href="https://github.com/apache/tooling-docs/">Documentation Website</a></li>
+ <li><hr class="dropdown-divider"></li>
+ <li><a class="dropdown-item"
href="https://github.com/apache/tooling-trusted-releases">Trusted
Releases</a></li>
+ <li><a class="dropdown-item"
href="https://github.com/apache/tooling-releases-client">Trusted Releases
Client</a></li>
+ <li><a class="dropdown-item"
href="https://github.com/apache/tooling-actions">Trusted Releases
Actions</a></li>
+ <li><hr class="dropdown-divider"></li>
+ <li><a class="dropdown-item"
href="https://github.com/apache/tooling-agenda">Agenda Tool</a></li>
+ <li><hr class="dropdown-divider"></li>
+ <li><a class="dropdown-item"
href="https://github.com/apache/tooling-secretary">Secretary's
Workbench</a></li>
+ </ul>
+ </li>
+ <li class="nav-item dropdown">
+ <a href="#" class="nav-link dropdown-toggle hidden-xs"
data-bs-toggle="dropdown"><span class="fa-solid fa-magnifying-glass"
aria-hidden="true"></span> Search</a>
+ <ul class="search-form dropdown-menu">
+ <li>
+ <div id="pagefind-search" class="input-group" style="width:
100%; padding: 0 5px;"></div>
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <ul class="navbar-nav">
+ <li class="nav-item dropdown">
+ <a class="nav-link dropdown-toggle" href="#" role="button"
data-bs-toggle="dropdown" aria-expanded="false">
+ About The ASF
+ </a>
+ <ul class="dropdown-menu dropdown-menu-end">
+ <li><a class="dropdown-item"
href="https://www.apache.org/">Foundation</a></li>
+ <li><hr class="dropdown-divider"></li>
+ <li><a class="dropdown-item"
href="https://www.apache.org/licenses/">License</a></li>
+ <li><a class="dropdown-item"
href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
+ <li><a class="dropdown-item"
href="https://www.apache.org/foundation/thanks.html">Thanks</a></li>
+ <li><hr class="dropdown-divider"></li>
+ <li><a class="dropdown-item"
href="https://www.apache.org/security/">Security</a></li>
+ <li><a class="dropdown-item"
href="https://privacy.apache.org/policies/privacy-policy-public.html">Privacy
Policy</a></li>
+ </ul>
+ </li>
+ </ul>
+ </div>
+ </div>
+</nav> <main class="flex-shrink-0">
+ <div>
+<!-- page contents -->
+<div id="contents">
+ <div class="bg-white p-5 rounded">
+ <div class="col-sm-12 mx-auto">
+ <h1>
+ Noisy Secrets
+ </h1>
+ <h1>Noisy Secrets</h1>
+<p>Draft Specification, 2026-04-03.</p>
+<p>Not intended for review outside of the Apache Software Foundation.</p>
+<h2>1. Abstract</h2>
+<p>Noisy Secrets are bearer credentials which are designed to be easy to
detect when leaked. They contain checksums for validation, and may optionally
contain a namespace to provide a hint to identify the issuing party for leak
reports.</p>
+<h2>2. Conventions</h2>
+<p>RFC 2119 and RFC 8174 keywords are used throughout. All indices in this
specification are zero-based, and all ranges are inclusive. All strings are
case-sensitive ASCII octets. The words "byte" and "character" are used
interchangeably. The notation |x| indicates the length of x, for any x.
References to grammar productions of fixed strings sometimes refer to an
instance of the fixed string itself.</p>
+<h2>3. Alphabets</h2>
+<h3>3.1. Noisy Base37</h3>
+<p>All characters in a Noisy Secret are taken from the following Noisy Base37
alphabet:</p>
+<pre><code>BASE37 = %x30-39 / %x5F / %x61-7A
+</code></pre>
+<p>These are the 37 characters <code>0-9</code>, <code>_</code>, and
<code>a-z</code> respectively, giving the full alphabet:</p>
+<pre><code>0123456789_abcdefghijklmnopqrstuvwxyz
+</code></pre>
+<h3>3.2. Noisy Base36</h3>
+<p>The first and last character in a Namespace are taken from the following
Noisy Base36 alphabet:</p>
+<pre><code>BASE36 = %x30-39 / %x61-7A
+</code></pre>
+<p>These are the 36 characters <code>0-9</code> and <code>a-z</code>
respectively, giving the full alphabet:</p>
+<pre><code>0123456789abcdefghijklmnopqrstuvwxyz
+</code></pre>
+<p>This is a strict subset of Noisy Base37, omitting the character
<code>_</code>.</p>
+<h3>3.3. Noisy Base32</h3>
+<p>All characters in the Payload are taken from the following Noisy Base32
alphabet:</p>
+<pre><code>BASE32 = %x32-39 / %x61-6B / %x6D-6E / %x70-7A
+</code></pre>
+<p>These are the 32 characters <code>2-9</code>, <code>a-k</code>,
<code>m-n</code>, and <code>p-z</code> respectively, giving the full
alphabet:</p>
+<pre><code>23456789abcdefghijkmnpqrstuvwxyz
+</code></pre>
+<p>This is a strict subset of Noisy Base37, omitting the 5 characters
<code>0</code>, <code>1</code>, <code>_</code>, <code>l</code>, and
<code>o</code>.</p>
+<h3>3.4. Domain Component</h3>
+<p>All characters in components of domain names used to produce Namespaces are
taken from the following Domain Component alphabet:</p>
+<pre><code>COMPONENT = %x2D / %x30-39 / %x61-7A
+</code></pre>
+<p>These are the 37 characters <code>-</code>, <code>0-9</code>, and
<code>a-z</code> respectively, giving the full alphabet:</p>
+<pre><code>-0123456789abcdefghijklmnopqrstuvwxyz
+</code></pre>
+<p>This alphabet is not used within Noisy Secret values, only during
construction as part of the algorithm.</p>
+<h2>4. Strings</h2>
+<h3>4.1. Prefix</h3>
+<pre><code>Prefix = %s"secret"
+</code></pre>
+<p>A Prefix is a fixed string, 6 bytes long.</p>
+<h3>4.2. Pad</h3>
+<pre><code>Pad = %s"_"
+</code></pre>
+<p>A Pad is a fixed string, 1 byte long.</p>
+<h3>4.3. Namespace String</h3>
+<pre><code>NamespaceString = %x32
+NamespaceString /= %x34 Pad BASE36
+NamespaceString /= %x35 Pad BASE36 BASE36
+NamespaceString /= %x36 Pad BASE36 BASE37 BASE36
+NamespaceString /= %x37 Pad BASE36 2(BASE37) BASE36
+NamespaceString /= %x38 Pad BASE36 3(BASE37) BASE36
+NamespaceString /= %x39 Pad BASE36 4(BASE37) BASE36
+NamespaceString /= %x61 Pad BASE36 5(BASE37) BASE36
+NamespaceString /= %x62 Pad BASE36 6(BASE37) BASE36
+NamespaceString /= %x63 Pad BASE36 7(BASE37) BASE36
+NamespaceString /= %x64 Pad BASE36 8(BASE37) BASE36
+NamespaceString /= %x65 Pad BASE36 9(BASE37) BASE36
+NamespaceString /= %x66 Pad BASE36 10(BASE37) BASE36
+NamespaceString /= %x67 Pad BASE36 11(BASE37) BASE36
+NamespaceString /= %x68 Pad BASE36 12(BASE37) BASE36
+NamespaceString /= %x69 Pad BASE36 13(BASE37) BASE36
+NamespaceString /= %x6A Pad BASE36 14(BASE37) BASE36
+NamespaceString /= %x6B Pad BASE36 15(BASE37) BASE36
+NamespaceString /= %x6D Pad BASE36 16(BASE37) BASE36
+NamespaceString /= %x6E Pad BASE36 17(BASE37) BASE36
+NamespaceString /= %x70 Pad BASE36 18(BASE37) BASE36
+NamespaceString /= %x71 Pad BASE36 19(BASE37) BASE36
+NamespaceString /= %x72 Pad BASE36 20(BASE37) BASE36
+NamespaceString /= %x73 Pad BASE36 21(BASE37) BASE36
+NamespaceString /= %x74 Pad BASE36 22(BASE37) BASE36
+NamespaceString /= %x75 Pad BASE36 23(BASE37) BASE36
+NamespaceString /= %x76 Pad BASE36 24(BASE37) BASE36
+NamespaceString /= %x77 Pad BASE36 25(BASE37) BASE36
+NamespaceString /= %x78 Pad BASE36 26(BASE37) BASE36
+NamespaceString /= %x79 Pad BASE36 27(BASE37) BASE36
+NamespaceString /= %x7A Pad BASE36 28(BASE37) BASE36
+</code></pre>
+<p>A Namespace String is either 1 or from 3 to 32 bytes long. The first
character of a Namespace String indicates the total length, but not in a way
that is compatible with standard decimal Arabic numerals. The value three
(<code>3</code>, %x33), which would have indicated a total length of 2, is
deliberately not part of the grammar and cannot be used.</p>
+<h3>4.4. Payload String</h3>
+<pre><code>PayloadString = 32(BASE32)
+</code></pre>
+<p>A Payload String is 32 bytes long.</p>
+<h3>4.5. Interleaved Checksum String</h3>
+<pre><code>InterleavedChecksumString = 8(BASE37)
+</code></pre>
+<p>An Interleaved Checksum String is 8 bytes long.</p>
+<h3>4.6. Noisy Secret String</h3>
+<pre><code>Left = Prefix Pad NamespaceString
+Right = PayloadString InterleavedChecksumString
+NoisySecretString = Left Pad Right
+</code></pre>
+<p>A Noisy Secret String is either 49 or from 51 to 80 bytes long.</p>
+<h2>5. Constructions</h2>
+<h3>5.1. Namespace</h3>
+<p>Construction of a Namespace is a function over an optional lowercase fully
qualified domain name (FQDN) without trailing dot. The FQDN MAY be an IDN that
has already been encoded to ASCII as specified by IDNA2008, and MUST NOT be the
empty string. Namespace is a subset of Namespace String.</p>
+<ol>
+<li>If there is no FQDN, the Namespace is the digit 2 (<code>2</code>).</li>
+<li>If there is a FQDN, the Namespace is constructed as follows, where each
step from b to i is applied to the result from the prior step:
+a. Split the FQDN into components at each full stop character (<code>.</code>).
+b. If any component contains characters not in the <code>COMPONENT</code>
alphabet, this FQDN cannot be used to obtain a Namespace.
+c. If any component starts with or ends with a hyphen (<code>-</code>), then
this FQDN cannot be used to obtain a Namespace.
+d. If any component is empty, then this FQDN cannot be used to obtain a
Namespace.
+e. Reverse the order of the components.
+f. Convert each hyphen (<code>-</code>) in each component to two underscores.
+g. Join the components with a single underscore character (<code>_</code>).
This resulting value is called Joined.
+h. If |Joined| is greater than 30, this FQDN cannot be used to obtain a
Namespace.
+i. The Namespace is the concatenation of the character at index |Joined| + 1
in the <code>BASE32</code> alphabet, a Pad, and Joined.</li>
+</ol>
+<h3>5.2. Namespace Domain</h3>
+<p>Construction of a Namespace Domain is a function over a Namespace. The
Namespace Domain is an optional lowercase FQDN without trailing dot, and MAY be
an IDN that has already been encoded to ASCII as specified by IDNA2008.</p>
+<ol>
+<li>If the Namespace is the digit 2 (<code>2</code>), there is no FQDN.</li>
+<li>Otherwise the Namespace Domain is constructed as follows, where each step
from b to e is applied to the result from the prior step:
+a. Remove the first two characters from the Namespace.
+b. Convert each two consecutive underscore characters (<code>__</code>) to a
single hyphen character (<code>-</code>).
+c. Split into components at each Pad character (<code>_</code>).
+d. Reverse the order of the components.
+e. Join the components with a single full stop character (<code>.</code>).</li>
+</ol>
+<h3>5.3. Padded Namespace Tag</h3>
+<p>A Padded Namespace Tag is constructed as a function over a Namespace
String, and consists of the Namespace String followed by 32 - |Namespace
String| Pad characters.</p>
+<h3>5.4. Padded Namespace</h3>
+<p>A Padded Namespace is the subset of a Padded Namespace Tag that is
constructed over a Namespace. Padded Namespace is a subset of Padded Namespace
Tag.</p>
+<h3>5.5. Payload</h3>
+<p>A Payload is constructed as a function over no arguments. It consists of 32
characters where each character is selected independently and uniformly at
random from the <code>BASE32</code> alphabet. The selection process MUST be
based on a cryptographically secure random source. Payload is a subset of
Payload String.</p>
+<h3>5.6. Even Message Tag and Odd Message Tag</h3>
+<p>Construction of Even and Odd Message Tags is a function over a Namespace
String and a Payload String. Obtain a Padded Namespace Tag from the Namespace
String using the algorithm in Section 5.3. The Even Message Tag is the
concatenation of each even index from 0 to 30 of the Padded Namespace Tag with
each even index from 0 to 30 of the Payload String. The Odd Message Tag is the
concatenation of each odd index from 1 to 31 of the Padded Namespace Tag with
each odd index from 1 to 31 of [...]
+<h3>5.7. Even Message and Odd Message</h3>
+<p>Even and Odd Messages are the subset of Even and Odd Message Tags that are
constructed over a Namespace and Payload. The Even Message and the Odd Message
are each a kind of Message, which is used in Section 5.9.</p>
+<h3>5.8. Checksum Tag</h3>
+<p>Construction of a Checksum Tag is a function over a Message Tag. The
Checksum Tag is the parity string of the Message Tag using a Reed-Solomon code
over GF(37) with block length 36, generator polynomial (x - 2)(x - 4)(x - 8)(x
- 16), and message characters interpreted as lowest degree first coefficients,
all as specified in Section 6.</p>
+<h3>5.9. Checksum</h3>
+<p>Checksum is the subset of Checksum Tag that is constructed over a
Message.</p>
+<h3>5.10. Interleaved Checksum Tag</h3>
+<p>An Interleaved Checksum Tag is constructed as a function over Even and Odd
Checksum Tags. The character at index 2i of the Interleaved Checksum Tag is the
character at index i of the Even Checksum Tag, and the character at index 2i +
1 of the Interleaved Checksum Tag is the character at index i of the Odd
Checksum Tag, for i from 0 to 3. An Interleaved Checksum Tag is a subset of
Interleaved Checksum String.</p>
+<h3>5.11. Interleaved Checksum</h3>
+<p>An Interleaved Checksum is the subset of Interleaved Checksum Tag that is
constructed over Even and Odd Checksums.</p>
+<h3>5.12. Noisy Secret Tag</h3>
+<p>A Noisy Secret Tag is constructed as a function over a Namespace String and
a Payload String. Obtain Even and Odd Message Tags using the construction in
Section 5.6. Obtain Even and Odd Checksum Tags using the construction in
Section 5.8. Obtain an Interleaved Checksum Tag from the Even and Odd Checksum
Tags using the construction in Section 5.10. The Noisy Secret Tag is the
concatenation of a Prefix, a Pad, the Namespace String, a Pad, the Payload
String, and the Interleaved Checksum [...]
+<h3>5.13. Noisy Secret</h3>
+<p>A Noisy Secret is the subset of Noisy Secret Tag that is constructed over
an optional lowercase FQDN without trailing dot. If specified, the FQDN used to
obtain the Namespace MUST be controlled by the issuing party. Obtain a
Namespace using the construction in Section 5.1, and a Payload using the
construction in Section 5.5. The Noisy Secret is the Noisy Secret Tag obtained
from the Namespace and Payload using the construction in Section 5.12. A Noisy
Secret is a subset of both Noisy [...]
+<h2>6. Checksum Tag Algorithm</h2>
+<h3>6.1. Construction</h3>
+<p>Checksum Tags are computed over a Message Tag as defined by Section 5.6,
which is a sequence of 32 characters from <code>BASE37</code>. Each character
in the Message Tag is interpreted as a field element of GF(37), i.e. the
integers modulo 37 where all arithmetic is performed modulo 37, using a mapping
from <code>BASE37</code> in ASCII order, i.e. from "0" mapping to GF(37)
element 0 to "z" mapping to element 36.</p>
+<p>The GF(37) interpretation of the Message Tag is used as a Reed-Solomon
message in an RS(36, 32) code called Noisy RS(36, 32). The message field
elements are interpreted as the lowest to highest coefficients of a polynomial
M(x):</p>
+<pre><code>M(x) = m0 + m1*x + ... + m31*x^31
+</code></pre>
+<p>The polynomial C(x) is then the unique polynomial of degree less than 4
where M(x) + x^32*C(x) is divisible by the generator polynomial g(x) = (x -
2)(x - 4)(x - 8)(x - 16) over GF(37).</p>
+<p>The coefficient vector of C(x) for a given message in the foregoing
construction, from lowest to highest coefficients, is encoded by mapping each
of the field elements, including any trailing zeroes, by interpreting it as an
index in <code>BASE37</code> in ASCII order to form the 4 character Checksum
Tag. The Checksum Tag is also known as a parity string.</p>
+<h3>6.2. Parameters and Equivalent Constructions</h3>
+<p>The RS(36, 32) code parameters are:</p>
+<pre><code>q = 37 field size (alphabet size)
+n = 36 block length (q - 1)
+k = 32 message length (n - t)
+t = 4 parity length (n - k)
+</code></pre>
+<p>The field size, q, of any Reed-Solomon code is a prime power, in this case
37^1 = 37, and the chosen block length n = q - 1 = 36 is the order of the
multiplicative group of GF(37). In the cyclic construction, the generator
polynomial must have consecutive roots over a primitive element of the chosen
field. The primitive element of a field, traditionally called alpha, is one
that generates all non-zero elements of that field, in any order, for powers
from 0 to the field size minus 2. I [...]
+<p>The roots of a cyclic Reed-Solomon construction are any N consecutive
powers of the primitive element, alpha, where N is the parity length. For
RS(36, 32) over GF(37), the parity length is 4, and Noisy RS(36, 32) uses
alpha^1, alpha^2, alpha^3, alpha^4 = 2^1, 2^2, 2^3, 2^4 = 2, 4, 8, 16, giving
the generator polynomial (x - 2)(x - 4)(x - 8)(x - 16). This is equivalent to
the polynomial g(x) with coefficient vector [25, 2, 21, 7, 1], presented from
lowest to highest degree to match the [...]
+<pre><code>g(x) = 25 + 2*x + 21*x^2 + 7*x^3 + x^4 over GF(37)
+</code></pre>
+<p>The checksum polynomial, C(x), is the unique polynomial of degree less than
4 for which the concatenated codeword polynomial, with message coefficients
first and checksum coefficients last, is divisible by the generator
polynomial.</p>
+<h2>7. Validation</h2>
+<p>Validation is performed over a Value. If a Value matches the criterion in
Section 7.1 then it is a Candidate. If a Candidate matches the criterion in
Section 7.5 then it is a Noisy Secret Tag. Determination of whether a Noisy
Secret Tag is also a Noisy Secret requires out-of-band information.</p>
+<h3>7.1. Candidate Value</h3>
+<p>A Value is a Candidate if it is a byte string with length of either 49 or
from 51 to 80.</p>
+<h3>7.2. Candidate Namespace Construction</h3>
+<p>A Candidate Namespace is constructed as a function over a Candidate. The
substring from indices 7 to |Candidate| - 42 in the Candidate is the Candidate
Namespace as long as it matches the <code>NamespaceString</code> production.
Otherwise the Candidate has no Candidate Namespace. A Candidate Namespace is a
Namespace String.</p>
+<h3>7.3. Candidate Payload Construction</h3>
+<p>A Candidate Payload is constructed as a function over a Candidate. The
substring from indices |Candidate| - 40 to |Candidate| - 9 in the Candidate is
the Candidate Payload as long as each character in this substring is also in
<code>BASE32</code>. Otherwise the Candidate has no Candidate Payload. A
Candidate Payload is a Payload String.</p>
+<h3>7.4. Expected Candidate Construction</h3>
+<p>An Expected Candidate is constructed as a function over a Candidate. Try to
obtain a Candidate Namespace using the construction in Section 7.2, and a
Candidate Payload using the construction in Section 7.3. If the Candidate has
no Candidate Namespace or no Candidate Payload, then the Candidate has no
Expected Candidate. Otherwise the Expected Candidate is the Noisy Secret Tag
obtained using the construction in Section 5.12.</p>
+<h3>7.5. Noisy Secret Tag Candidate</h3>
+<p>A Candidate is a Noisy Secret Tag if it is identical to the Expected
Candidate obtained from it using the construction in Section 7.4. If no
Expected Candidate can be obtained from the Candidate, then the Candidate is
not a Noisy Secret Tag.</p>
+<h2>8. Security Considerations</h2>
+<h3>8.1. Bearer Credential Handling</h3>
+<p>Noisy Secrets are bearer credentials, so possession alone is sufficient for
authentication. Implementations and operators SHOULD:</p>
+<ol>
+<li>Generate Noisy Secrets in secure environments.</li>
+<li>Store Noisy Secrets securely. Relying parties SHOULD typically store
hashes of Noisy Secrets, and users SHOULD use standard security practices to
prevent unauthorised access to their Noisy Secrets.</li>
+<li>Be careful to avoid accidental exfiltration through configuration files,
plaintext logs, or similar mechanisms.</li>
+<li>Transmit Noisy Secrets only when necessary, and only through secure
channels.</li>
+<li>Provide revocation and rotation procedures as appropriate.</li>
+</ol>
+<h3>8.2. Namespace Domain Visibility</h3>
+<p>If a Namespace encodes a FQDN in a Noisy Secret, that FQDN MUST be
controlled by the issuing party. This provides a hint to identify the issuing
party to enable the report of leaked Noisy Secrets. It also, however, has the
side effect of notifying attackers where to find information about the service
that the Noisy Secret has leaked from. This information is often available in
the same band as the leaked Noisy Secret itself, if, for example, it was leaked
in a configuration file for a [...]
+<ol>
+<li>No domain.</li>
+<li>Domain pools credentials between organisations and routes reports.</li>
+<li>Domain pools services within an organisation and routes reports.</li>
+<li>Domain secretly identifies a service.</li>
+<li>Domain of a service.</li>
+</ol>
+<h3>8.3. Namespace Domain Trust</h3>
+<p>An FQDN in a Namespace MUST be controlled by the issuing party. Despite
this, it is not guaranteed that such an FQDN derived from a given Noisy Secret
is controlled by the issuing party for a number of reasons, including, for
example:</p>
+<ul>
+<li>The issuing party of a Noisy Secret did not comply with the requirement to
use a domain under their control.</li>
+<li>The domain was controlled by the issuing party when the Noisy Secret was
created, but has since expired.</li>
+</ul>
+<p>Therefore a Namespace FQDN is not a proof of origin. Any party can generate
a Noisy Secret based on any FQDN, including ones never registered. Care MUST be
taken by reporters of leaked credentials to ensure that they are not used as a
Denial of Service amplification vector.</p>
+<h3>8.4. Payload Generation</h3>
+<p>Implementations MUST construct payloads from a cryptographically secure
random source. Failure to use such a source can be catastrophic for security.
Implementors MUST be careful to avoid modulo bias when obtaining random
values.</p>
+<p>A Payload generated according to this specification has exactly 160 bits of
entropy, because it consists of 32 independent selections from an alphabet of
size 32, giving 32^32 = 2^160 possible values. The resistance of a Noisy Secret
to guessing is derived from the Payload. The Namespace is optional metadata and
the Checksum is deterministic redundancy for validation, so neither SHOULD be
counted when assessing the strength of a Noisy Secret.</p>
+<p>When an issuing party has generated N Noisy Secrets sharing the same
Namespace, the probability of an attacker guessing any one of them in a single
online attempt is N / 2^160. When N Noisy Secrets are issued within the same
Namespace, the probability of at least two sharing the same Payload is
approximately 1 - e^(-N^2 / 2^161). At 2^70 secrets issued, this is
approximately 2^(-21), whereas at 2^80 this is approximately 0.39.</p>
+<h3>8.5. Checksum Limitations</h3>
+<p>Checksum validation is not sufficient authentication. See Section 8.6 for
details.</p>
+<p>The kind of checksum used in Noisy Secrets guarantees detection of any
error affecting at most 4 characters within its input message, but the
distribution of characters within the Noisy Secret to the input message is a
specification detail that may not be obvious to users.</p>
+<p>Each of the two Checksum Tags is constructed over separate Reed-Solomon
messages of length 32. The Even Message Tag contains characters from
even-indexed positions (0, 2, ..., 30) of the Padded Namespace Tag and Payload
String, and the Odd Message Tag contains characters from odd-indexed positions
(1, 3, ..., 31), as specified in Section 5.6. Consecutive characters in the
Namespace String or the Payload String therefore alternate between the two
independent Reed-Solomon messages. The [...]
+<p>Errors that change the length of the Namespace or the length of the Payload
are always rejected by the validation algorithm.</p>
+<p>Checksums are intended for validation. It is possible to repair errors in 2
characters per input message, but implementors MUST NOT repair errors in Noisy
Secrets being submitted as bearer credentials. Users MAY use a correct repair
algorithm on their own credentials if found to be corrupted, but SHOULD
investigate the cause of the corruption in case of, for example, malicious
manipulation of the value.</p>
+<h3>8.6. Validation Considerations</h3>
+<p>Validation is not authentication and does not protect against malicious
forgery. Validation MUST NOT be relied upon to authenticate users. Successful
validation MUST only be considered proof that the value being validated is a
Noisy Secret Tag, and not that it is an authentic Noisy Secret belonging to a
known user.</p>
+<p>Timing secure comparison SHOULD be used when checking Noisy Secrets against
either other Noisy Secrets, or hashes of Noisy Secrets against hashes of Noisy
Secrets.</p>
+<h2>9. Implementation Considerations</h2>
+<h3>9.1. Undesired Substrings</h3>
+<p>The alphabets used by Noisy Secrets overlap with many languages that use
Latin script. In many cultures using these languages, certain words are taboo
such as profanity, and issuing parties may want to avoid issuing credentials
that contain such words as substrings. This specification does not forbid doing
so, as it is equivalent to issuing to users and revoking. An alternative view
of this practice, however, is that it reduces the security properties of the
payload to below 160 bits. [...]
+<h3>9.2. Case Sensitivity</h3>
+<p>Noisy Secrets are case sensitive. Case folding MUST NOT be performed. Noisy
Secrets MUST NOT be issued with uppercase characters, and values containing
uppercase characters MUST NOT be treated as Noisy Secrets. The foregoing
applies to all Noisy Secret Tags.</p>
+<h3>9.3. Namespace Length Prefix</h3>
+<p>If checking the length of a Candidate by inspecting the Namespace length
prefix, note that the <code>BASE32</code> character three (<code>3</code>) is
intentionally never used, and is not a valid length prefix character. The total
lengths as integers may be obtained using the following mapping from
<code>BASE32</code> character to integer:</p>
+<pre><code>2 -> 1
+3 -> not valid
+4 -> 3
+5 -> 4
+6 -> 5
+7 -> 6
+8 -> 7
+9 -> 8
+a -> 9
+b -> 10
+c -> 11
+d -> 12
+e -> 13
+f -> 14
+g -> 15
+h -> 16
+i -> 17
+j -> 18
+k -> 19
+m -> 20
+n -> 21
+p -> 22
+q -> 23
+r -> 24
+s -> 25
+t -> 26
+u -> 27
+v -> 28
+w -> 29
+x -> 30
+y -> 31
+z -> 32
+</code></pre>
+<h3>9.4. Confusable Characters</h3>
+<p>The use of <code>BASE32</code> reduces visually confusable characters in a
Noisy Secret but does not eliminate them. The primary consideration was to
ensure that the Payload is equivalent to exactly 160 bits of entropy. It would
be impossible to remove all confusable characters anyway while allowing
encodings of FQDNs where the original alphanumeric characters from the domain
name are preserved. Therefore Noisy Secrets SHOULD be presented to users in
typefaces where differences betwee [...]
+<h3>9.5. Lack of Versioning</h3>
+<p>Noisy Secrets are not versioned. If a divergent successor specification is
necessary, it is RECOMMENDED to change the prefix or encoding details and
potentially some details of the checksum algorithm to differentiate it from a
Noisy Secret. To bolster interoperability, however, the creation of any
successor specification SHOULD be avoided if possible.</p>
+<h3>9.6. Underscore Conversion</h3>
+<p>The order of conversion of underscore characters in Section 5.2 step b is
moot given the constraints on strings produced in Section 5.1, but is important
for the algorithm in Section 9.8. The order of conversion when applying the
modified algorithm described in Section 9.8 MUST be greedy, left to right.</p>
+<h3>9.7. Validation</h3>
+<p>The validation algorithm in this specification is intended to be simple,
not efficient. Implementors MAY use a more efficient algorithm as long as it
has the same outcome for every possible input as the algorithm in this
specification.</p>
+<h3>9.8. Candidate Domain</h3>
+<p>If a Candidate Namespace has been extracted from a Candidate which has been
validated as a Noisy Secret Tag, then that Candidate Namespace may be used in
the place of a Namespace in the algorithm in Section 5.2, even though it is a
Namespace String: to obtain this modified algorithm, for Namespace in the
original algorithm read Candidate Namespace, and consider the output to be a
Candidate Domain. A Candidate Domain is not the same as a Namespace Domain, and
may not be a valid FQDN. T [...]
+<h3>9.9. Scanning</h3>
+<p>Implementations often scan large bodies of text for possible Noisy Secrets.
Regular expressions are useful for identifying Candidates, but a regular
expression alone cannot validate the Interleaved Checksum Tag. Therefore a
scanner MUST apply the validation algorithm in Section 7 to every regex match
before treating it as a Noisy Secret Tag unless false positives are
acceptable.</p>
+<p>Scanning MUST be case-sensitive and ASCII-based. Implementations SHOULD use
explicit ASCII character classes and SHOULD NOT use <code>\w</code>,
<code>\d</code>, <code>\s</code>, <code>\b</code>, locale-sensitive matching,
Unicode case folding, or normalization. In particular, <code>\b</code> is not
suitable because underscore (<code>_</code>) is part of <code>BASE37</code>.</p>
+<p>For the regexes below, the alphabets are manifested as:</p>
+<pre><code>BASE37 = [0-9_a-z]
+BASE36 = [0-9a-z]
+BASE32 = [2-9a-km-np-z]
+</code></pre>
+<p>A general regex for all Noisy Secret Strings is:</p>
+<pre><code>secret_(?:2|[4-9a-km-np-z]_[0-9a-z](?:[0-9_a-z]{0,28}[0-9a-z])?)_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+</code></pre>
+<p>This is only a scanner prefilter. It will also match strings that are not
actually Noisy Secret Tags, especially ones where the Namespace String is
syntactically plausible but the leading length-prefix character does not agree
with the actual namespace length, and ones where the final 8 BASE37 characters
are not the correct interleaved even and odd Reed-Solomon checksums for the
preceding Namespace and Payload. It may also match syntactically valid
NamespaceString values that could no [...]
+<p>Scanners MAY instead use specialised regexes for each length-prefixed
subset.
+These are:</p>
+<pre><code>2: secret_2_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+4: secret_4_[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+5: secret_5_[0-9a-z]{2}_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+6: secret_6_[0-9a-z][0-9_a-z]{1}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+7: secret_7_[0-9a-z][0-9_a-z]{2}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+8: secret_8_[0-9a-z][0-9_a-z]{3}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+9: secret_9_[0-9a-z][0-9_a-z]{4}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+a: secret_a_[0-9a-z][0-9_a-z]{5}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+b: secret_b_[0-9a-z][0-9_a-z]{6}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+c: secret_c_[0-9a-z][0-9_a-z]{7}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+d: secret_d_[0-9a-z][0-9_a-z]{8}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+e: secret_e_[0-9a-z][0-9_a-z]{9}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+f: secret_f_[0-9a-z][0-9_a-z]{10}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+g: secret_g_[0-9a-z][0-9_a-z]{11}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+h: secret_h_[0-9a-z][0-9_a-z]{12}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+i: secret_i_[0-9a-z][0-9_a-z]{13}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+j: secret_j_[0-9a-z][0-9_a-z]{14}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+k: secret_k_[0-9a-z][0-9_a-z]{15}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+m: secret_m_[0-9a-z][0-9_a-z]{16}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+n: secret_n_[0-9a-z][0-9_a-z]{17}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+p: secret_p_[0-9a-z][0-9_a-z]{18}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+q: secret_q_[0-9a-z][0-9_a-z]{19}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+r: secret_r_[0-9a-z][0-9_a-z]{20}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+s: secret_s_[0-9a-z][0-9_a-z]{21}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+t: secret_t_[0-9a-z][0-9_a-z]{22}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+u: secret_u_[0-9a-z][0-9_a-z]{23}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+v: secret_v_[0-9a-z][0-9_a-z]{24}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+w: secret_w_[0-9a-z][0-9_a-z]{25}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+x: secret_x_[0-9a-z][0-9_a-z]{26}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+y: secret_y_[0-9a-z][0-9_a-z]{27}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+z: secret_z_[0-9a-z][0-9_a-z]{28}[0-9a-z]_[2-9a-km-np-z]{32}[0-9_a-z]{8}
+</code></pre>
+<p>A scanner MAY use a literal prefilter for the fixed substring
<code>secret_</code> before applying one or more regexes from this section.
After a match has been validated as a Noisy Secret Tag, the implementation MAY
obtain a Candidate Domain as described in Section 9.8 for reporting or routing
purposes.</p>
+<p>The regexes in this section are for contiguous exact strings only.
Detection of values that have been line-wrapped, whitespace-separated,
truncated, or otherwise transformed is out of scope for this specification.</p>
+<h2>10. References</h2>
+<h3>10.1. Normative References</h3>
+<p>Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels",
BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <a
href="https://www.rfc-editor.org/info/rfc2119">https://www.rfc-editor.org/info/rfc2119</a>.</p>
+<p>Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP
14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <a
href="https://www.rfc-editor.org/info/rfc8174">https://www.rfc-editor.org/info/rfc8174</a>.</p>
+<p>Klensin, J., "Internationalized Domain Names for Applications (IDNA):
Definitions and Document Framework", RFC 5890, DOI 10.17487/RFC5890, August
2010, <a
href="https://www.rfc-editor.org/info/rfc5890">https://www.rfc-editor.org/info/rfc5890</a>.</p>
+<p>Klensin, J., "Internationalized Domain Names in Applications (IDNA):
Protocol", RFC 5891, DOI 10.17487/RFC5891, August 2010, <a
href="https://www.rfc-editor.org/info/rfc5891">https://www.rfc-editor.org/info/rfc5891</a>.</p>
+<h3>10.2. Informative References</h3>
+<p>Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC
1034, DOI 10.17487/RFC1034, November 1987, <a
href="https://www.rfc-editor.org/info/rfc1034">https://www.rfc-editor.org/info/rfc1034</a>.</p>
+<p>Mockapetris, P., "Domain names - implementation and specification", STD 13,
RFC 1035, DOI 10.17487/RFC1035, November 1987, <a
href="https://www.rfc-editor.org/info/rfc1035">https://www.rfc-editor.org/info/rfc1035</a>.</p>
+<p>Braden, R., Ed., "Requirements for Internet Hosts - Application and
Support", STD 3, RFC 1123, DOI 10.17487/RFC1123, October 1989, <a
href="https://www.rfc-editor.org/info/rfc1123">https://www.rfc-editor.org/info/rfc1123</a>.</p>
+<p>Costello, A., "Punycode: A Bootstring encoding of Unicode for
Internationalized Domain Names in Applications (IDNA)", RFC 3492, DOI
10.17487/RFC3492, March 2003, <a
href="https://www.rfc-editor.org/info/rfc3492">https://www.rfc-editor.org/info/rfc3492</a>.</p>
+<p>Reed, I. S. and G. Solomon, "Polynomial Codes Over Certain Finite Fields",
Journal of the Society for Industrial and Applied Mathematics, Vol. 8, No. 2,
pp. 300-304, June 1960, DOI 10.1137/0108018, <a
href="https://doi.org/10.1137/0108018">https://doi.org/10.1137/0108018</a>.</p>
+<h2>Appendix A. Test Vectors</h2>
+<h3>Appendix A.1. Vector 1</h3>
+<pre><code>FQDN:
+ none
+Namespace:
+ "2"
+Payload:
+ "22222222222222222222222222222222"
+Padded Namespace Tag:
+ "2_______________________________"
+Even Message Tag:
+ "2_______________2222222222222222"
+Odd Message Tag:
+ "________________2222222222222222"
+Even field elements:
+ [ 2, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
+Odd field elements:
+ [10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
+Even Checksum Tag remainder:
+ [27, 20, 9, 26]
+Even Checksum Tag field elements:
+ [10, 17, 28, 11]
+Even Checksum Tag:
+ "_gra"
+Odd Checksum Tag remainder:
+ [12, 4, 26, 7]
+Odd Checksum Tag field elements:
+ [25, 33, 11, 30]
+Odd Checksum Tag:
+ "owat"
+Interleaved Checksum:
+ "_ogwraat"
+Noisy Secret Tag:
+ "secret_2_22222222222222222222222222222222_ogwraat"
+Noisy Secret Tag length:
+ 49
+</code></pre>
+<h3>Appendix A.2. Vector 2</h3>
+<pre><code>FQDN:
+ none
+Namespace:
+ "2"
+Payload:
+ "23456789abcdefghijkmnpqrstuvwxyz"
+Padded Namespace Tag:
+ "2_______________________________"
+Even Message Tag:
+ "2_______________2468acegiknqsuwy"
+Odd Message Tag:
+ "________________3579bdfhjmprtvxz"
+Even field elements:
+ [ 2, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
+ 2, 4, 6, 8, 11, 13, 15, 17, 19, 21, 24, 27, 29, 31, 33, 35]
+Odd field elements:
+ [10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
+ 3, 5, 7, 9, 12, 14, 16, 18, 20, 23, 26, 28, 30, 32, 34, 36]
+Even Checksum Tag remainder:
+ [36, 18, 8, 27]
+Even Checksum Tag field elements:
+ [1, 19, 29, 10]
+Even Checksum Tag:
+ "1is_"
+Odd Checksum Tag remainder:
+ [36, 1, 26, 34]
+Odd Checksum Tag field elements:
+ [1, 36, 11, 3]
+Odd Checksum Tag:
+ "1za3"
+Interleaved Checksum:
+ "11izsa_3"
+Noisy Secret Tag:
+ "secret_2_23456789abcdefghijkmnpqrstuvwxyz11izsa_3"
+Noisy Secret Tag length:
+ 49
+</code></pre>
+<h3>Appendix A.3. Vector 3</h3>
+<pre><code>FQDN:
+ "example.org"
+Namespace:
+ "e_org_example"
+Payload:
+ "22222222222222222222222222222222"
+Padded Namespace Tag:
+ "e_org_example___________________"
+Even Message Tag:
+ "eogeape_________2222222222222222"
+Odd Message Tag:
+ "_r_xml__________2222222222222222"
+Even field elements:
+ [15, 25, 17, 15, 11, 26, 15, 10, 10, 10, 10, 10, 10, 10, 10, 10,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
+Odd field elements:
+ [10, 28, 10, 34, 23, 22, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2]
+Even Checksum Tag remainder:
+ [35, 24, 24, 29]
+Even Checksum Tag field elements:
+ [2, 13, 13, 8]
+Even Checksum Tag:
+ "2cc8"
+Odd Checksum Tag remainder:
+ [14, 13, 26, 35]
+Odd Checksum Tag field elements:
+ [23, 24, 11, 2]
+Odd Checksum Tag:
+ "mna2"
+Interleaved Checksum:
+ "2mcnca82"
+Noisy Secret Tag:
+ "secret_e_org_example_222222222222222222222222222222222mcnca82"
+Noisy Secret Tag length:
+ 61
+</code></pre>
+<h3>Appendix A.4. Vector 4</h3>
+<pre><code>FQDN:
+ "example.org"
+Namespace:
+ "e_org_example"
+Payload:
+ "23456789abcdefghijkmnpqrstuvwxyz"
+Padded Namespace Tag:
+ "e_org_example___________________"
+Even Message Tag:
+ "eogeape_________2468acegiknqsuwy"
+Odd Message Tag:
+ "_r_xml__________3579bdfhjmprtvxz"
+Even field elements:
+ [15, 25, 17, 15, 11, 26, 15, 10, 10, 10, 10, 10, 10, 10, 10, 10,
+ 2, 4, 6, 8, 11, 13, 15, 17, 19, 21, 24, 27, 29, 31, 33, 35]
+Odd field elements:
+ [10, 28, 10, 34, 23, 22, 10, 10, 10, 10, 10, 10, 10, 10, 10, 10,
+ 3, 5, 7, 9, 12, 14, 16, 18, 20, 23, 26, 28, 30, 32, 34, 36]
+Even Checksum Tag remainder:
+ [7, 22, 23, 30]
+Even Checksum Tag field elements:
+ [30, 15, 14, 7]
+Even Checksum Tag:
+ "ted7"
+Odd Checksum Tag remainder:
+ [1, 10, 26, 25]
+Odd Checksum Tag field elements:
+ [36, 27, 11, 12]
+Odd Checksum Tag:
+ "zqab"
+Interleaved Checksum:
+ "tzeqda7b"
+Noisy Secret Tag:
+ "secret_e_org_example_23456789abcdefghijkmnpqrstuvwxyztzeqda7b"
+Noisy Secret Tag length:
+ 61
+</code></pre>
+
+ </div>
+ </div>
+</div> <!-- footer -->
+ <div class="row">
+ <div class="large-12 medium-12 columns">
+ <p style="font-style: italic; font-size: 0.8rem; text-align: center;">
+ Copyright 2026, <a href="https://www.apache.org/">The Apache
Software Foundation</a>, Licensed under the <a
href="https://www.apache.org/licenses/LICENSE-2.0">Apache License, Version
2.0</a>.<br>
+ Apache® and the Apache logo are trademarks or registered
trademarks of The Apache Software Foundation.
+ </p>
+ </div>
+ </div> </div>
+ </main>
+ <script src="/js/bootstrap.bundle.min.js"
integrity="sha384-TYMA+uAx4f43rilxPIhmlqA+Vi+xbyMe+YVR3BcL15NyHLqd+7WYNtyBPdayiOPx"></script>
+ <script>
+ document.addEventListener("DOMContentLoaded", () => {
+ function decodeHtmlEntities(str) {
+ const txt = document.createElement("textarea");
+ txt.innerHTML = str;
+ return txt.value;
+ }
+ document.querySelectorAll("pre > code.language-mermaid").forEach((code,
i) => {
+ let decoded = decodeHtmlEntities(code.innerHTML);
+ // Normalize whitespace
+ decoded = decoded.replace(/\t/g, " ");
+ decoded = decoded.replace(/^\s*\n/, "").replace(/\n\s*$/, "");
+ const div = document.createElement("div");
+ div.className = "mermaid";
+ div.textContent = decoded;
+ code.parentElement.replaceWith(div);
+ console.log(`=== Mermaid block ${i} ===`);
+ console.log(decoded);
+ });
+ // Mermaid v10+ runs asynchronously
+ mermaid.run({ querySelector: ".mermaid" })
+ .catch(err => {
+ console.error("Mermaid rendering failed:", err);
+ });
+ });
+ </script>
+ <script>hljs.highlightAll();</script> </body>
+</html>