In the examples below, the transport headers are omitted:
For example, for the abridged version of the transport », the client sends
0xefas the first byte (important: only prior to the very first data packet), then the packet length is encoded with a single byte (0x01-0x7e= data length divided by 4; or0x7ffollowed by 3 bytes (little endian) divided by 4) followed by the data itself. In this case, server responses have the same structure (although the server does not send0xefas the first byte). Detailed documentation on creating authorization keys is available here ».
Sent payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 74 F1 03 00 73 63 F4 69
0010 | 14 00 00 00 F1 8E 7E BE A9 F2 6F 02 F2 B5 A7 AB
0020 | 81 C8 B1 CF 07 A5 88 A3
Payload (de)serialization:
req_pq_multi#be7e8ef1 nonce:int128 = ResPQ;
| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
| message_id | 8, 8 | 74F103007363F469 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| message_length | 16, 4 | 14000000 (20 in decimal) |
Message body length |
| %(req_pq_multi) | 20, 4 | f18e7ebe |
req_pq_multi constructor number from TL schema |
| nonce | 24, 16 | A9F26F02F2B5A7AB81C8B1CF07A588A3 |
Random number |
Received payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 01 04 A9 B4 75 63 F4 69
0010 | 50 00 00 00 63 24 16 05 A9 F2 6F 02 F2 B5 A7 AB
0020 | 81 C8 B1 CF 07 A5 88 A3 51 8F 77 A0 CD 7F 36 7B
0030 | 0F 09 27 84 10 7F CB CA 08 33 B1 C3 85 07 92 EC
0040 | 3B 00 00 00 15 C4 B5 1C 03 00 00 00 85 FD 64 DE
0050 | 85 1D 9D D0 A5 B7 F7 09 35 5F C3 0B 21 6B E8 6C
0060 | 02 2B B4 C3
Payload (de)serialization:
resPQ#05162463 nonce:int128 server_nonce:int128 pq:string server_public_key_fingerprints:Vector<strlong> = ResPQ;
| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
| message_id | 8, 8 | 0104A9B47563F469 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| message_length | 16, 4 | 50000000 (80 in decimal) |
Message body length |
| %(resPQ) | 20, 4 | 63241605 |
resPQ constructor number from TL schema |
| nonce | 24, 16 | A9F26F02F2B5A7AB81C8B1CF07A588A3 |
Value generated by client in Step 1 |
| server_nonce | 40, 16 | 518F77A0CD7F367B0F092784107FCBCA |
Server-generated random number |
| pq | 56, 12 | 0833B1C3850792EC3B000000TL byte deserialization => bigendian conversion to decimal => 3724973342937246779 |
Single-byte prefix denoting length, an 8-byte string, and three bytes of padding |
| %(Vector strlong) | 68, 4 | 15c4b51c |
Vector t constructor number from TL schema |
| count | 72, 4 | 03000000 |
Number of elements in server_public_key_fingerprints |
| server_public_key_fingerprints[0] | 76, 8 | 85FD64DE851D9DD0 |
64 lower-order bits of SHA1(server_public_key) |
| server_public_key_fingerprints[1] | 84, 8 | A5B7F709355FC30B |
64 lower-order bits of SHA1(server_public_key) |
| server_public_key_fingerprints[2] | 92, 8 | 216BE86C022BB4C3 |
64 lower-order bits of SHA1(server_public_key) |
In our case, the client only has the following public keys, with the following fingerprints:
85FD64DE851D9DD0Let's choose the only matching key, the one with fingerprint equal to 85FD64DE851D9DD0.
pq = 3724973342937246779
Decompose into 2 prime cofactors p < q: 3724973342937246779 = 1902743879 * 1957685101
p = 1902743879
q = 1957685101
encrypted_data payload generationFirst of all, generate an encrypted_data payload as follows:
Generated payload (excluding transport headers/trailers):
0000 | 95 5F F5 A9 08 33 B1 C3 85 07 92 EC 3B 00 00 00
0010 | 04 71 69 91 47 00 00 00 04 74 AF E7 6D 00 00 00
0020 | A9 F2 6F 02 F2 B5 A7 AB 81 C8 B1 CF 07 A5 88 A3
0030 | 51 8F 77 A0 CD 7F 36 7B 0F 09 27 84 10 7F CB CA
0040 | 9F CD A4 2F 48 A0 61 BC 40 3A E1 90 8D 00 4F 5C
0050 | B5 59 7A D6 6E FE 09 19 DE E1 78 94 63 F5 F2 40
0060 | 02 00 00 00
Payload (de)serialization:
p_q_inner_data_dc#a9f55f95 pq:string p:string q:string nonce:int128 server_nonce:int128 new_nonce:int256 dc:int = P_Q_inner_data;
| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| %(p_q_inner_data_dc) | 0, 4 | 955ff5a9 |
p_q_inner_data_dc constructor number from TL schema |
| pq | 4, 12 | 0833B1C3850792EC3B000000TL byte deserialization => bigendian conversion to decimal => 3724973342937246779 |
Single-byte prefix denoting length, 8-byte string, and three bytes of padding |
| p | 16, 8 | 0471699147000000TL byte deserialization => bigendian conversion to decimal => 1902743879 |
First prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
| q | 24, 8 | 0474AFE76D000000TL byte deserialization => bigendian conversion to decimal => 1957685101 |
Second prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
| nonce | 32, 16 | A9F26F02F2B5A7AB81C8B1CF07A588A3 |
Value generated by client in Step 1 |
| server_nonce | 48, 16 | 518F77A0CD7F367B0F092784107FCBCA |
Value received from server in Step 2 |
| new_nonce | 64, 32 | 9FCDA42F48A061BC403AE1908D004F5C B5597AD66EFE0919DEE1789463F5F240 |
Client-generated random number |
| dc | 96, 4 | 02000000 (2 in decimal) |
DC ID: 10000 (decimal) has to be added to the DC ID to connect to the test servers; it has to be made negative if the DC we're connecting to is a media (not CDN) DC. |
The serialization of P_Q_inner_data produces data, which is used to generate encrypted_data as specified in step 4.1.
These are the inputs to the algorithm specified in step 4.1:
data = 955FF5A90833B1C3850792EC3B00000004716991470000000474AFE76D000000A9F26F02F2B5A7AB81C8B1CF07A588A3518F77A0CD7F367B0F092784107FCBCA9FCDA42F48A061BC403AE1908D004F5CB5597AD66EFE0919DEE1789463F5F24002000000
random_padding_bytes = A9E1DAA0B210BED505E9F356D90776EDDA80E3F1D5D4E7CDEB63C188FFDC4833FB712286E90CDD33CDD7D7BC4CA7A1ED9F6245BD67056D32FF2E7FD016FC6103492193FC2973857FF595F09C3AC214BD72A796E0BFC3B37F0B722D6E
And this is the output:
encrypted_data = 6654B2F9D8F5BD1DDE1088385224CEEE8E3D1C8AE554BF29CAD3B4039ECB7987571EFB2B19CDEF8E6D2A675B43E06051CBFFDA332625E7AF8199EDE033448484592AD9B6976E34822BB7EE4328383206BF5A0DC398A992E428D6C2DEC5DD03A15C4900F61BAED5BA566A6EB9E880E99817E1F27AF745A83892378AFF16E04AD799163FC78099DD0D91B4A2B5FD1C5FF4F4470C1337D72D7C40C5C7015E808BB83773A3F9369BB90FA166ACA0897C34AF3A05E12EA216B7FB217B2D31D8873277A5D731DE19344BA7269E117B7A249409E097C883D689B40836E8FF2D2AF6D94BEA0DE7DA60AAB50B3E2A14AE4098C7351D47E8B2D8778976549119B1DA41BD71
The length of the final string is 256 bytes.
encrypted_dataSent payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 0C 92 09 00 73 63 F4 69
0010 | 40 01 00 00 BE E4 12 D7 A9 F2 6F 02 F2 B5 A7 AB
0020 | 81 C8 B1 CF 07 A5 88 A3 51 8F 77 A0 CD 7F 36 7B
0030 | 0F 09 27 84 10 7F CB CA 04 71 69 91 47 00 00 00
0040 | 04 74 AF E7 6D 00 00 00 85 FD 64 DE 85 1D 9D D0
0050 | FE 00 01 00 66 54 B2 F9 D8 F5 BD 1D DE 10 88 38
0060 | 52 24 CE EE 8E 3D 1C 8A E5 54 BF 29 CA D3 B4 03
0070 | 9E CB 79 87 57 1E FB 2B 19 CD EF 8E 6D 2A 67 5B
0080 | 43 E0 60 51 CB FF DA 33 26 25 E7 AF 81 99 ED E0
0090 | 33 44 84 84 59 2A D9 B6 97 6E 34 82 2B B7 EE 43
00A0 | 28 38 32 06 BF 5A 0D C3 98 A9 92 E4 28 D6 C2 DE
00B0 | C5 DD 03 A1 5C 49 00 F6 1B AE D5 BA 56 6A 6E B9
00C0 | E8 80 E9 98 17 E1 F2 7A F7 45 A8 38 92 37 8A FF
00D0 | 16 E0 4A D7 99 16 3F C7 80 99 DD 0D 91 B4 A2 B5
00E0 | FD 1C 5F F4 F4 47 0C 13 37 D7 2D 7C 40 C5 C7 01
00F0 | 5E 80 8B B8 37 73 A3 F9 36 9B B9 0F A1 66 AC A0
0100 | 89 7C 34 AF 3A 05 E1 2E A2 16 B7 FB 21 7B 2D 31
0110 | D8 87 32 77 A5 D7 31 DE 19 34 4B A7 26 9E 11 7B
0120 | 7A 24 94 09 E0 97 C8 83 D6 89 B4 08 36 E8 FF 2D
0130 | 2A F6 D9 4B EA 0D E7 DA 60 AA B5 0B 3E 2A 14 AE
0140 | 40 98 C7 35 1D 47 E8 B2 D8 77 89 76 54 91 19 B1
0150 | DA 41 BD 71
Payload (de)serialization:
req_DH_params#d712e4be nonce:int128 server_nonce:int128 p:string q:string public_key_fingerprint:long encrypted_data:string = Server_DH_Params;
| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
| message_id | 8, 8 | 0C9209007363F469 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| message_length | 16, 4 | 40010000 (320 in decimal) |
Message body length |
| %(req_DH_params) | 20, 4 | bee412d7 |
req_DH_params constructor number from TL schema |
| nonce | 24, 16 | A9F26F02F2B5A7AB81C8B1CF07A588A3 |
Value generated by client in Step 1 |
| server_nonce | 40, 16 | 518F77A0CD7F367B0F092784107FCBCA |
Value received from server in Step 2 |
| p | 56, 8 | 0471699147000000TL byte deserialization => bigendian conversion to decimal => 1902743879 |
First prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
| q | 64, 8 | 0474AFE76D000000TL byte deserialization => bigendian conversion to decimal => 1957685101 |
Second prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
| public_key_fingerprint | 72, 8 | 85FD64DE851D9DD0 |
fingerprint of public key used |
| encrypted_data | 80, 260 | FE0001006654B2F9D8F5BD1DDE108838 5224CEEE8E3D1C8AE554BF29CAD3B403 9ECB7987571EFB2B19CDEF8E6D2A675B 43E06051CBFFDA332625E7AF8199EDE0 33448484592AD9B6976E34822BB7EE43 28383206BF5A0DC398A992E428D6C2DE C5DD03A15C4900F61BAED5BA566A6EB9 E880E99817E1F27AF745A83892378AFF 16E04AD799163FC78099DD0D91B4A2B5 FD1C5FF4F4470C1337D72D7C40C5C701 5E808BB83773A3F9369BB90FA166ACA0 897C34AF3A05E12EA216B7FB217B2D31 D8873277A5D731DE19344BA7269E117B 7A249409E097C883D689B40836E8FF2D 2AF6D94BEA0DE7DA60AAB50B3E2A14AE 4098C7351D47E8B2D8778976549119B1DA41BD71 |
Value generated above |
Received payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 01 48 DA 20 76 63 F4 69
0010 | 78 02 00 00 5C 07 E8 D0 A9 F2 6F 02 F2 B5 A7 AB
0020 | 81 C8 B1 CF 07 A5 88 A3 51 8F 77 A0 CD 7F 36 7B
0030 | 0F 09 27 84 10 7F CB CA FE 50 02 00 3B 81 8C 0D
0040 | 2D 28 BB 44 41 85 46 9D 0C 95 E7 4A E9 3F BA 98
0050 | B5 89 4B 9E E7 D5 28 C9 8F 3D CF A1 33 B3 70 9F
0060 | 97 25 B5 8F D3 69 9E DE 97 98 CB 85 35 09 69 AA
0070 | E7 B1 FE C9 7C 73 D8 9A C7 60 F5 56 CB 75 63 55
0080 | E2 C9 D6 5C DE CD 5B 81 1F 5C 98 7D 69 B0 D5 EC
0090 | 61 3F 97 F2 8C ED 0D 48 BB 68 DF EC E4 81 E8 76
00A0 | 30 2D 8A 5D 66 C4 7F EB 2A 37 62 47 4C 89 B6 1A
00B0 | 52 6A A6 7C E1 CD DB AC FD 70 68 78 03 A6 1B A5
00C0 | 35 5C 96 EF 5A E1 F6 AE 7B E6 A4 5E DA 06 40 53
00D0 | A2 0D 14 17 AA 3F 7A FE 6E 0A D2 99 41 43 9B 22
00E0 | CA 14 A7 5D E8 10 A9 7D 4F EA 79 0A 6C 7C CB C2
00F0 | B7 32 E9 1A 0C 4A 3F 09 0E 66 46 88 4E E4 1B 29
0100 | 9A BF E0 4D 32 25 EB 51 2D BB 9F 45 8F 2E CF 44
0110 | D2 D2 EF 39 CC 4F 1A C4 64 1E EA F5 D4 13 31 9C
0120 | 17 9F 79 60 83 CA B4 9A 50 39 16 0F 8B 42 8C 52
0130 | 41 41 1E B3 2B 21 CE E9 C9 E2 13 17 C5 CB AE D9
0140 | 3E E4 57 9C 0C 8D 89 54 58 5C 83 27 4C BE 72 22
0150 | 42 AC 2A DF 43 66 1F B5 4D 71 C6 9A 79 E3 3B 35
0160 | FF 03 00 0B AB A8 E9 BE C6 96 52 07 00 15 A9 4F
0170 | B4 C2 57 5C E8 57 93 AE DC 5D F5 07 E3 AB 9F CD
0180 | 84 10 91 AE DC A1 D0 E7 C1 15 5A F4 55 21 25 D6
0190 | 40 B2 BC 56 B8 94 B3 31 F3 54 22 7B 90 8A 12 61
01A0 | 29 EC 72 E7 CE C6 8C BC 9D 42 CF C3 5E 74 6C 1D
01B0 | 13 83 9A 01 1D 4E 73 85 76 A6 3D 3E 36 10 7B 3F
01C0 | 31 80 DD 3C 7F 40 FD C2 24 40 D6 82 F7 A5 77 9D
01D0 | 5C 5D 5B 57 D5 C4 C8 6E 56 AF E8 99 BB 0C 94 5A
01E0 | FC 45 99 95 B3 97 74 B0 38 81 04 C0 3A 85 50 CF
01F0 | 59 24 C2 DB BD C6 52 01 69 1A EF 1E C1 70 2D 2B
0200 | 2B E9 FE EB 3D 91 2D 35 51 CF C5 96 23 62 27 D3
0210 | 61 B5 B7 41 E3 79 82 56 7A 90 06 D6 B2 A9 E9 EE
0220 | EC F9 31 2F 34 CB 9A 12 43 7B FC 06 9E 37 94 A5
0230 | A6 8D 59 2D 23 58 FC 30 38 2D A5 25 1E 4B C9 82
0240 | EC DC 2B 2C 4D 1C D5 B2 01 B8 00 F2 A3 6D 9A B8
0250 | 93 EC 43 C9 F3 71 F0 44 BC 06 9F 8E 74 45 BC B5
0260 | B1 28 B4 81 5D DC 5A EA 9C C8 36 25 79 27 CF A5
0270 | 48 6B 19 EA 2A 31 41 20 D4 2E A8 9A E1 70 81 13
0280 | E5 D4 D4 9C C7 16 3C B7 ED CE 8C BA
Payload (de)serialization:
server_DH_params_ok#d0e8075c nonce:int128 server_nonce:int128 encrypted_answer:string = Server_DH_Params;
| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
| message_id | 8, 8 | 0148DA207663F469 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| message_length | 16, 4 | 78020000 (632 in decimal) |
Message body length |
| %(server_DH_params_ok) | 20, 4 | 5c07e8d0 |
server_DH_params_ok constructor number from TL schema |
| nonce | 24, 16 | A9F26F02F2B5A7AB81C8B1CF07A588A3 |
Value generated by client in Step 1 |
| server_nonce | 40, 16 | 518F77A0CD7F367B0F092784107FCBCA |
Value received from server in Step 2 |
| encrypted_answer | 56, 596 | FE5002003B818C0D2D28BB444185469D 0C95E74AE93FBA98B5894B9EE7D528C9 8F3DCFA133B3709F9725B58FD3699EDE 9798CB85350969AAE7B1FEC97C73D89A C760F556CB756355E2C9D65CDECD5B81 1F5C987D69B0D5EC613F97F28CED0D48 BB68DFECE481E876302D8A5D66C47FEB 2A3762474C89B61A526AA67CE1CDDBAC FD70687803A61BA5355C96EF5AE1F6AE 7BE6A45EDA064053A20D1417AA3F7AFE 6E0AD29941439B22CA14A75DE810A97D 4FEA790A6C7CCBC2B732E91A0C4A3F09 0E6646884EE41B299ABFE04D3225EB51 2DBB9F458F2ECF44D2D2EF39CC4F1AC4 641EEAF5D413319C179F796083CAB49A 5039160F8B428C5241411EB32B21CEE9 C9E21317C5CBAED93EE4579C0C8D8954 585C83274CBE722242AC2ADF43661FB5 4D71C69A79E33B35FF03000BABA8E9BE C69652070015A94FB4C2575CE85793AE DC5DF507E3AB9FCD841091AEDCA1D0E7 C1155AF4552125D640B2BC56B894B331 F354227B908A126129EC72E7CEC68CBC 9D42CFC35E746C1D13839A011D4E7385 76A63D3E36107B3F3180DD3C7F40FDC2 2440D682F7A5779D5C5D5B57D5C4C86E 56AFE899BB0C945AFC459995B39774B0 388104C03A8550CF5924C2DBBDC65201 691AEF1EC1702D2B2BE9FEEB3D912D35 51CFC596236227D361B5B741E3798256 7A9006D6B2A9E9EEECF9312F34CB9A12 437BFC069E3794A5A68D592D2358FC30 382DA5251E4BC982ECDC2B2C4D1CD5B2 01B800F2A36D9AB893EC43C9F371F044 BC069F8E7445BCB5B128B4815DDC5AEA 9CC836257927CFA5486B19EA2A314120 D42EA89AE1708113E5D4D49CC7163CB7EDCE8CBA |
See below |
Decrypt encrypted_answer using the reverse of the process specified in step 6:
encrypted_answer = 3B818C0D2D28BB444185469D0C95E74AE93FBA98B5894B9EE7D528C98F3DCFA133B3709F9725B58FD3699EDE9798CB85350969AAE7B1FEC97C73D89AC760F556CB756355E2C9D65CDECD5B811F5C987D69B0D5EC613F97F28CED0D48BB68DFECE481E876302D8A5D66C47FEB2A3762474C89B61A526AA67CE1CDDBACFD70687803A61BA5355C96EF5AE1F6AE7BE6A45EDA064053A20D1417AA3F7AFE6E0AD29941439B22CA14A75DE810A97D4FEA790A6C7CCBC2B732E91A0C4A3F090E6646884EE41B299ABFE04D3225EB512DBB9F458F2ECF44D2D2EF39CC4F1AC4641EEAF5D413319C179F796083CAB49A5039160F8B428C5241411EB32B21CEE9C9E21317C5CBAED93EE4579C0C8D8954585C83274CBE722242AC2ADF43661FB54D71C69A79E33B35FF03000BABA8E9BEC69652070015A94FB4C2575CE85793AEDC5DF507E3AB9FCD841091AEDCA1D0E7C1155AF4552125D640B2BC56B894B331F354227B908A126129EC72E7CEC68CBC9D42CFC35E746C1D13839A011D4E738576A63D3E36107B3F3180DD3C7F40FDC22440D682F7A5779D5C5D5B57D5C4C86E56AFE899BB0C945AFC459995B39774B0388104C03A8550CF5924C2DBBDC65201691AEF1EC1702D2B2BE9FEEB3D912D3551CFC596236227D361B5B741E37982567A9006D6B2A9E9EEECF9312F34CB9A12437BFC069E3794A5A68D592D2358FC30382DA5251E4BC982ECDC2B2C4D1CD5B201B800F2A36D9AB893EC43C9F371F044BC069F8E7445BCB5B128B4815DDC5AEA9CC836257927CFA5486B19EA2A314120D42EA89AE1708113E5D4D49CC7163CB7EDCE8CBA
tmp_aes_key = 9B0CE0384E96F28B79F669A878379584C9CFCC8C0D54C36FCA2EFC4F247622AA
tmp_aes_iv = 253942E784852E3F5C969687FE2EE6970DD289CC06D4B0F3DE1E6A029FCDA42F
Yielding:
answer_with_hash = C074B154E4CF47D2E18411B23A50272567ABFC7CBA0D89B5A9F26F02F2B5A7AB81C8B1CF07A588A3518F77A0CD7F367B0F092784107FCBCA03000000FE000100C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5BFE000100172944F220B8046149727A2A7970383E24E5941CC4B2713348033B620BA0BA05EFDF2868093938B1BA260739BED7498B3474193868E99403FA5C0D88E6535DB78A103546819D691010C4DFE66CEEE426B5A798D271D9D209BEFA7CBA95E0878AA8469F81EB4A9C44D8267F8CAF0AE037EBAC27AD2F440726CF9EB6EDAC747D1833677DAA50DD365B1C2B134CFDD6161F9DEB07328D12DEED554869D8C50AD08CD2FDC93A046ACDD557B2D5C3A300E2E500C2453E9CE29F16FFAD908EAD72F2DA53B8478AF43D070FF5CE4E9C0FB317D77CAA809F2F7E5F0A5D895A856DADDB7077D2F1929B4C9AEA76F664DAD15C07EC9D2A258F9E9B0819C53321A3D641D9957663F4694E338F56A7758E8E
answer = BA0D89B5A9F26F02F2B5A7AB81C8B1CF07A588A3518F77A0CD7F367B0F092784107FCBCA03000000FE000100C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5BFE000100172944F220B8046149727A2A7970383E24E5941CC4B2713348033B620BA0BA05EFDF2868093938B1BA260739BED7498B3474193868E99403FA5C0D88E6535DB78A103546819D691010C4DFE66CEEE426B5A798D271D9D209BEFA7CBA95E0878AA8469F81EB4A9C44D8267F8CAF0AE037EBAC27AD2F440726CF9EB6EDAC747D1833677DAA50DD365B1C2B134CFDD6161F9DEB07328D12DEED554869D8C50AD08CD2FDC93A046ACDD557B2D5C3A300E2E500C2453E9CE29F16FFAD908EAD72F2DA53B8478AF43D070FF5CE4E9C0FB317D77CAA809F2F7E5F0A5D895A856DADDB7077D2F1929B4C9AEA76F664DAD15C07EC9D2A258F9E9B0819C53321A3D641D9957663F4694E338F56A7758E8E
Generated payload (excluding transport headers/trailers):
0000 | BA 0D 89 B5 A9 F2 6F 02 F2 B5 A7 AB 81 C8 B1 CF
0010 | 07 A5 88 A3 51 8F 77 A0 CD 7F 36 7B 0F 09 27 84
0020 | 10 7F CB CA 03 00 00 00 FE 00 01 00 C7 1C AE B9
0030 | C6 B1 C9 04 8E 6C 52 2F 70 F1 3F 73 98 0D 40 23
0040 | 8E 3E 21 C1 49 34 D0 37 56 3D 93 0F 48 19 8A 0A
0050 | A7 C1 40 58 22 94 93 D2 25 30 F4 DB FA 33 6F 6E
0060 | 0A C9 25 13 95 43 AE D4 4C CE 7C 37 20 FD 51 F6
0070 | 94 58 70 5A C6 8C D4 FE 6B 6B 13 AB DC 97 46 51
0080 | 29 69 32 84 54 F1 8F AF 8C 59 5F 64 24 77 FE 96
0090 | BB 2A 94 1D 5B CD 1D 4A C8 CC 49 88 07 08 FA 9B
00A0 | 37 8E 3C 4F 3A 90 60 BE E6 7C F9 A4 A4 A6 95 81
00B0 | 10 51 90 7E 16 27 53 B5 6B 0F 6B 41 0D BA 74 D8
00C0 | A8 4B 2A 14 B3 14 4E 0E F1 28 47 54 FD 17 ED 95
00D0 | 0D 59 65 B4 B9 DD 46 58 2D B1 17 8D 16 9C 6B C4
00E0 | 65 B0 D6 FF 9C A3 92 8F EF 5B 9A E4 E4 18 FC 15
00F0 | E8 3E BE A0 F8 7F A9 FF 5E ED 70 05 0D ED 28 49
0100 | F4 7B F9 59 D9 56 85 0C E9 29 85 1F 0D 81 15 F6
0110 | 35 B1 05 EE 2E 4E 15 D0 4B 24 54 BF 6F 4F AD F0
0120 | 34 B1 04 03 11 9C D8 E3 B9 2F CC 5B FE 00 01 00
0130 | 17 29 44 F2 20 B8 04 61 49 72 7A 2A 79 70 38 3E
0140 | 24 E5 94 1C C4 B2 71 33 48 03 3B 62 0B A0 BA 05
0150 | EF DF 28 68 09 39 38 B1 BA 26 07 39 BE D7 49 8B
0160 | 34 74 19 38 68 E9 94 03 FA 5C 0D 88 E6 53 5D B7
0170 | 8A 10 35 46 81 9D 69 10 10 C4 DF E6 6C EE E4 26
0180 | B5 A7 98 D2 71 D9 D2 09 BE FA 7C BA 95 E0 87 8A
0190 | A8 46 9F 81 EB 4A 9C 44 D8 26 7F 8C AF 0A E0 37
01A0 | EB AC 27 AD 2F 44 07 26 CF 9E B6 ED AC 74 7D 18
01B0 | 33 67 7D AA 50 DD 36 5B 1C 2B 13 4C FD D6 16 1F
01C0 | 9D EB 07 32 8D 12 DE ED 55 48 69 D8 C5 0A D0 8C
01D0 | D2 FD C9 3A 04 6A CD D5 57 B2 D5 C3 A3 00 E2 E5
01E0 | 00 C2 45 3E 9C E2 9F 16 FF AD 90 8E AD 72 F2 DA
01F0 | 53 B8 47 8A F4 3D 07 0F F5 CE 4E 9C 0F B3 17 D7
0200 | 7C AA 80 9F 2F 7E 5F 0A 5D 89 5A 85 6D AD DB 70
0210 | 77 D2 F1 92 9B 4C 9A EA 76 F6 64 DA D1 5C 07 EC
0220 | 9D 2A 25 8F 9E 9B 08 19 C5 33 21 A3 D6 41 D9 95
0230 | 76 63 F4 69
Payload (de)serialization:
server_DH_inner_data#b5890dba nonce:int128 server_nonce:int128 g:int dh_prime:string g_a:string server_time:int = Server_DH_inner_data;
| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| %(server_DH_inner_data) | 0, 4 | ba0d89b5 |
server_DH_inner_data constructor number from TL schema |
| nonce | 4, 16 | A9F26F02F2B5A7AB81C8B1CF07A588A3 |
Value generated by client in Step 1 |
| server_nonce | 20, 16 | 518F77A0CD7F367B0F092784107FCBCA |
Value received from server in Step 2 |
| g | 36, 4 | 03000000 (3 in decimal) |
Value received from server in Step 2 |
| dh_prime | 40, 260 | FE000100C71CAEB9C6B1C9048E6C522F 70F13F73980D40238E3E21C14934D037 563D930F48198A0AA7C14058229493D2 2530F4DBFA336F6E0AC925139543AED4 4CCE7C3720FD51F69458705AC68CD4FE 6B6B13ABDC9746512969328454F18FAF 8C595F642477FE96BB2A941D5BCD1D4A C8CC49880708FA9B378E3C4F3A9060BE E67CF9A4A4A695811051907E162753B5 6B0F6B410DBA74D8A84B2A14B3144E0E F1284754FD17ED950D5965B4B9DD4658 2DB1178D169C6BC465B0D6FF9CA3928F EF5B9AE4E418FC15E83EBEA0F87FA9FF 5EED70050DED2849F47BF959D956850C E929851F0D8115F635B105EE2E4E15D0 4B2454BF6F4FADF034B10403119CD8E3B92FCC5B |
2048-bit prime, in big-endian byte order, to be checked as specified in the auth key docs |
| g_a | 300, 260 | FE000100172944F220B8046149727A2A 7970383E24E5941CC4B2713348033B62 0BA0BA05EFDF2868093938B1BA260739 BED7498B3474193868E99403FA5C0D88 E6535DB78A103546819D691010C4DFE6 6CEEE426B5A798D271D9D209BEFA7CBA 95E0878AA8469F81EB4A9C44D8267F8C AF0AE037EBAC27AD2F440726CF9EB6ED AC747D1833677DAA50DD365B1C2B134C FDD6161F9DEB07328D12DEED554869D8 C50AD08CD2FDC93A046ACDD557B2D5C3 A300E2E500C2453E9CE29F16FFAD908E AD72F2DA53B8478AF43D070FF5CE4E9C 0FB317D77CAA809F2F7E5F0A5D895A85 6DADDB7077D2F1929B4C9AEA76F664DA D15C07EC9D2A258F9E9B0819C53321A3D641D995 |
g_a diffie-hellman parameter |
| server_time | 560, 4 | 7663F469 (1777623926 in decimal) |
Server time |
First, generate a secure random 2048-bit number b:
b = FA47306E339D0344F6570766CD139CDB239C2EBD5D1B624EC9BAB9049F95C474F1BE820948029CC4FC10527EE93DAA7A8872A0A226C6A94711A05C45922B83BDB580F454816DCC4D9A0601A7C7DA5825A5FB4D2F8C020B9F14ECB7101772E7D3CD28C43CD9364AD11F9906306D78A03C1FB76542D893C5565DF22702A38CC90C2CD3AD526BD26E2BAD07C05D97A6AEC34DDA6E2A736B1C7D1701A88949497B86E5212B1D322AE99286765ADEAF106A176F3A57CB377015665BC76980DC6D2B1FFAD56C8A3FAF8B2F38A4EB9642FC55E0FA78C40B8DFA9234F974276092E3516DC185068D74AF86B98E38F59FF14BEE03D2DE19BC306B9A654F12343CC8B0EC64
Then compute g_b = pow(g, b) mod dh_prime
g_b = 23F236482BE09ADDC0CC046B0B0EA5151CF4E7C1DB13D35B932E710476BCD4E822AEB6DD392FC3C957743C4C4DC175138D353051EAED44E4C2778CD2E528DD1B842E6A06D37DC9D20364E78850695DD50A9B4A76246A0C1F71EA56FD31A7878B0F3B0CF16F02DB0D68B28F6FF68E9BBF82166166FAD4470B12DD43C1A0BDA03921E094EE32590974E459421F29451BDA8022D183A9DDE03BA838493A203D0338395762799A715BFDD35C7BA7A05DDF6CC22F954E758259D610A21A3D6D693FE019758A790252BE0B5FAE833D466CFF436F7E968CAF9280EA30F13FE64C135DDDAB6106EF13031B34AA7C25CCCFE8976735337E9933B3751A5695471B38083773
Generated payload (excluding transport headers/trailers):
0000 | 54 B6 43 66 A9 F2 6F 02 F2 B5 A7 AB 81 C8 B1 CF
0010 | 07 A5 88 A3 51 8F 77 A0 CD 7F 36 7B 0F 09 27 84
0020 | 10 7F CB CA 00 00 00 00 00 00 00 00 FE 00 01 00
0030 | 23 F2 36 48 2B E0 9A DD C0 CC 04 6B 0B 0E A5 15
0040 | 1C F4 E7 C1 DB 13 D3 5B 93 2E 71 04 76 BC D4 E8
0050 | 22 AE B6 DD 39 2F C3 C9 57 74 3C 4C 4D C1 75 13
0060 | 8D 35 30 51 EA ED 44 E4 C2 77 8C D2 E5 28 DD 1B
0070 | 84 2E 6A 06 D3 7D C9 D2 03 64 E7 88 50 69 5D D5
0080 | 0A 9B 4A 76 24 6A 0C 1F 71 EA 56 FD 31 A7 87 8B
0090 | 0F 3B 0C F1 6F 02 DB 0D 68 B2 8F 6F F6 8E 9B BF
00A0 | 82 16 61 66 FA D4 47 0B 12 DD 43 C1 A0 BD A0 39
00B0 | 21 E0 94 EE 32 59 09 74 E4 59 42 1F 29 45 1B DA
00C0 | 80 22 D1 83 A9 DD E0 3B A8 38 49 3A 20 3D 03 38
00D0 | 39 57 62 79 9A 71 5B FD D3 5C 7B A7 A0 5D DF 6C
00E0 | C2 2F 95 4E 75 82 59 D6 10 A2 1A 3D 6D 69 3F E0
00F0 | 19 75 8A 79 02 52 BE 0B 5F AE 83 3D 46 6C FF 43
0100 | 6F 7E 96 8C AF 92 80 EA 30 F1 3F E6 4C 13 5D DD
0110 | AB 61 06 EF 13 03 1B 34 AA 7C 25 CC CF E8 97 67
0120 | 35 33 7E 99 33 B3 75 1A 56 95 47 1B 38 08 37 73
Payload (de)serialization:
client_DH_inner_data#6643b654 nonce:int128 server_nonce:int128 retry_id:long g_b:string = Client_DH_Inner_Data;
| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| %(client_DH_inner_data) | 0, 4 | 54b64366 |
client_DH_inner_data constructor number from TL schema |
| nonce | 4, 16 | A9F26F02F2B5A7AB81C8B1CF07A588A3 |
Value generated by client in Step 1 |
| server_nonce | 20, 16 | 518F77A0CD7F367B0F092784107FCBCA |
Value received from server in Step 2 |
| g_b | 36, 260 | FE00010023F236482BE09ADDC0CC046B 0B0EA5151CF4E7C1DB13D35B932E7104 76BCD4E822AEB6DD392FC3C957743C4C 4DC175138D353051EAED44E4C2778CD2 E528DD1B842E6A06D37DC9D20364E788 50695DD50A9B4A76246A0C1F71EA56FD 31A7878B0F3B0CF16F02DB0D68B28F6F F68E9BBF82166166FAD4470B12DD43C1 A0BDA03921E094EE32590974E459421F 29451BDA8022D183A9DDE03BA838493A 203D0338395762799A715BFDD35C7BA7 A05DDF6CC22F954E758259D610A21A3D 6D693FE019758A790252BE0B5FAE833D 466CFF436F7E968CAF9280EA30F13FE6 4C135DDDAB6106EF13031B34AA7C25CC CFE8976735337E9933B3751A5695471B38083773 |
Single-byte prefix denoting length, a 256-byte (2048-bit) string, and zero bytes of padding |
| retry_id | 296, 8 | 0000000000000000 |
Equal to zero at the time of the first attempt; otherwise, it is equal to auth_key_aux_hash from the previous failed attempt (see Item 7). |
The serialization of Client_DH_Inner_Data produces a string data. This is used to generate encrypted_data as specified in step 6, using the following inputs:
data = 54B64366A9F26F02F2B5A7AB81C8B1CF07A588A3518F77A0CD7F367B0F092784107FCBCA0000000000000000FE00010023F236482BE09ADDC0CC046B0B0EA5151CF4E7C1DB13D35B932E710476BCD4E822AEB6DD392FC3C957743C4C4DC175138D353051EAED44E4C2778CD2E528DD1B842E6A06D37DC9D20364E78850695DD50A9B4A76246A0C1F71EA56FD31A7878B0F3B0CF16F02DB0D68B28F6FF68E9BBF82166166FAD4470B12DD43C1A0BDA03921E094EE32590974E459421F29451BDA8022D183A9DDE03BA838493A203D0338395762799A715BFDD35C7BA7A05DDF6CC22F954E758259D610A21A3D6D693FE019758A790252BE0B5FAE833D466CFF436F7E968CAF9280EA30F13FE64C135DDDAB6106EF13031B34AA7C25CCCFE8976735337E9933B3751A5695471B38083773
padding = 8E72FE8904AB980FB48E7544
tmp_aes_key = 9B0CE0384E96F28B79F669A878379584C9CFCC8C0D54C36FCA2EFC4F247622AA
tmp_aes_iv = 253942E784852E3F5C969687FE2EE6970DD289CC06D4B0F3DE1E6A029FCDA42F
Process:
data_with_hash := SHA1(data) + data + padding (0-15 random bytes such that total length is divisible by 16)
encrypted_data := AES256_ige_encrypt (data_with_hash, tmp_aes_key, tmp_aes_iv);
Output:
encrypted_data = 3D9C0407A2893B6E6A04C12D78AB2B1E8EDB18A74297E2DBA368189E994D51E10FC08957B40A3A609CE856575EABDFA72B92C101C38C2DFF54C3335772CE5C6311541B679407191C44E3704869AEBFA42D7C058F7C5AE32AFB5D05EDF67BACB83D2480C0616E345D201BA9EFBD3CBE70415391A85506545EA8C3A328A2AFB973C26122A11470C59E460CFDCBDB0A73C183912F00DAE35D08564440809EDB660521B1AF0A6E47C0F5B6FD0266E3C9C6358AD87F09A7BB1EBE31C011D3AA7FB488A7DBD5122FA521EA3DC36013BD8436643214E859CF7D85583FD9BB20598B9A7028348C81F3E5A1C3A2A56A54A3AAF9827DE1276F2AD74D2C759A63557E3830ADD130D9EA22E439F944DF24F7B93E0254DEBA3B26A1AC93C6B4013E4646D7DC3C7B7CF72824724ABD42529208FF8CE39DA10D05E3A53D9B6AE89CDD96AB92FF55A63A6506CE8AABED7CB254B2BB64A02C
The length of the final string is 336 bytes.
Sent payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 4C FA 06 00 76 63 F4 69
0010 | 78 01 00 00 1F 5F 04 F5 A9 F2 6F 02 F2 B5 A7 AB
0020 | 81 C8 B1 CF 07 A5 88 A3 51 8F 77 A0 CD 7F 36 7B
0030 | 0F 09 27 84 10 7F CB CA FE 50 01 00 3D 9C 04 07
0040 | A2 89 3B 6E 6A 04 C1 2D 78 AB 2B 1E 8E DB 18 A7
0050 | 42 97 E2 DB A3 68 18 9E 99 4D 51 E1 0F C0 89 57
0060 | B4 0A 3A 60 9C E8 56 57 5E AB DF A7 2B 92 C1 01
0070 | C3 8C 2D FF 54 C3 33 57 72 CE 5C 63 11 54 1B 67
0080 | 94 07 19 1C 44 E3 70 48 69 AE BF A4 2D 7C 05 8F
0090 | 7C 5A E3 2A FB 5D 05 ED F6 7B AC B8 3D 24 80 C0
00A0 | 61 6E 34 5D 20 1B A9 EF BD 3C BE 70 41 53 91 A8
00B0 | 55 06 54 5E A8 C3 A3 28 A2 AF B9 73 C2 61 22 A1
00C0 | 14 70 C5 9E 46 0C FD CB DB 0A 73 C1 83 91 2F 00
00D0 | DA E3 5D 08 56 44 40 80 9E DB 66 05 21 B1 AF 0A
00E0 | 6E 47 C0 F5 B6 FD 02 66 E3 C9 C6 35 8A D8 7F 09
00F0 | A7 BB 1E BE 31 C0 11 D3 AA 7F B4 88 A7 DB D5 12
0100 | 2F A5 21 EA 3D C3 60 13 BD 84 36 64 32 14 E8 59
0110 | CF 7D 85 58 3F D9 BB 20 59 8B 9A 70 28 34 8C 81
0120 | F3 E5 A1 C3 A2 A5 6A 54 A3 AA F9 82 7D E1 27 6F
0130 | 2A D7 4D 2C 75 9A 63 55 7E 38 30 AD D1 30 D9 EA
0140 | 22 E4 39 F9 44 DF 24 F7 B9 3E 02 54 DE BA 3B 26
0150 | A1 AC 93 C6 B4 01 3E 46 46 D7 DC 3C 7B 7C F7 28
0160 | 24 72 4A BD 42 52 92 08 FF 8C E3 9D A1 0D 05 E3
0170 | A5 3D 9B 6A E8 9C DD 96 AB 92 FF 55 A6 3A 65 06
0180 | CE 8A AB ED 7C B2 54 B2 BB 64 A0 2C
Payload (de)serialization:
set_client_DH_params#f5045f1f nonce:int128 server_nonce:int128 encrypted_data:string = Set_client_DH_params_answer;
| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
| message_id | 8, 8 | 4CFA06007663F469 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| message_length | 16, 4 | 78010000 (376 in decimal) |
Message body length |
| %(set_client_DH_params) | 20, 4 | 1f5f04f5 |
set_client_DH_params constructor number from TL schema |
| nonce | 24, 16 | A9F26F02F2B5A7AB81C8B1CF07A588A3 |
Value generated by client in Step 1 |
| server_nonce | 40, 16 | 518F77A0CD7F367B0F092784107FCBCA |
Value received from server in Step 2 |
| encrypted_data | 56, 340 | FE5001003D9C0407A2893B6E6A04C12D 78AB2B1E8EDB18A74297E2DBA368189E 994D51E10FC08957B40A3A609CE85657 5EABDFA72B92C101C38C2DFF54C33357 72CE5C6311541B679407191C44E37048 69AEBFA42D7C058F7C5AE32AFB5D05ED F67BACB83D2480C0616E345D201BA9EF BD3CBE70415391A85506545EA8C3A328 A2AFB973C26122A11470C59E460CFDCB DB0A73C183912F00DAE35D0856444080 9EDB660521B1AF0A6E47C0F5B6FD0266 E3C9C6358AD87F09A7BB1EBE31C011D3 AA7FB488A7DBD5122FA521EA3DC36013 BD8436643214E859CF7D85583FD9BB20 598B9A7028348C81F3E5A1C3A2A56A54 A3AAF9827DE1276F2AD74D2C759A6355 7E3830ADD130D9EA22E439F944DF24F7 B93E0254DEBA3B26A1AC93C6B4013E46 46D7DC3C7B7CF72824724ABD42529208 FF8CE39DA10D05E3A53D9B6AE89CDD96 AB92FF55A63A6506CE8AABED7CB254B2BB64A02C |
Encrypted client_DH_inner_data generated previously, serialized as a TL byte string |
The client computes the auth_key using formula g_a^b mod dh_prime:
auth_key = 45E274167385E6F6E83F6D786633D9665DFB0B91693DF86C4F5FA5137AEC6A08260D72D7330C9BE284254A4F88BB3206687F95F8A9AC89FA33C38D909046013AAA2468866D5A527414E0AB146DD1EF563D8966A5B2112F8F1BBF6500253E513AE7AD792F62B90B35C8ED70BD25CFDAE9FC2A3F32EDCEE3AFD2192743AD2C7D4B68679C454302676F8D931DEA4ED5B530458FBCA8EE1F68995565BFB8AC56C6CFC538CC88577A7CB4B206EC2C9E3E2B6226AF28FEB8A5BAE82BA71C9EE1C672E240BDFD25AD75D20DBFBB4312A28CE44044F5425F883F70C2BD504E7F56B1FC8250960CE65C8AF17FE32684C239DCA73575330EC44F48B688F03A5110D89C1A99
The server verifies and confirms that auth_key_hash is unique: since it's unique, it replies with the following:
Received payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 01 08 59 60 77 63 F4 69
0010 | 34 00 00 00 34 F7 CB 3B A9 F2 6F 02 F2 B5 A7 AB
0020 | 81 C8 B1 CF 07 A5 88 A3 51 8F 77 A0 CD 7F 36 7B
0030 | 0F 09 27 84 10 7F CB CA 8B 6E 53 10 E8 54 1F 45
0040 | 19 8C E3 97 F4 C6 7B 8E
Payload (de)serialization:
dh_gen_ok#3bcbf734 nonce:int128 server_nonce:int128 new_nonce_hash1:int128 = Set_client_DH_params_answer;
| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
| message_id | 8, 8 | 010859607763F469 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| message_length | 16, 4 | 34000000 (52 in decimal) |
Message body length |
| %(dh_gen_ok) | 20, 4 | 34f7cb3b |
dh_gen_ok constructor number from TL schema |
| nonce | 24, 16 | A9F26F02F2B5A7AB81C8B1CF07A588A3 |
Value generated by client in Step 1 |
| server_nonce | 40, 16 | 518F77A0CD7F367B0F092784107FCBCA |
Value received from server in Step 2 |
| new_nonce_hash1 | 56, 16 | 8B6E5310E8541F45198CE397F4C67B8E |
The 128 lower-order bits of SHA1 of the byte string derived from the new_nonce string by adding a single byte with the value of 1, 2, or 3, and followed by another 8 bytes with auth_key_aux_hash. Different values are required to prevent an intruder from changing server response dh_gen_ok into dh_gen_retry. |