In the examples below, the transport headers are omitted:
For example, for the abridged version of the transport », the client sends
0xefas the first byte (important: only prior to the very first data packet), then the packet length is encoded with a single byte (0x01-0x7e= data length divided by 4; or0x7ffollowed by 3 bytes (little endian) divided by 4) followed by the data itself. In this case, server responses have the same structure (although the server does not send0xefas the first byte).
Detailed documentation on creating authorization keys is available here ».
Sent payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 10 7D 0D 00 E4 E8 B6 68
0010 | 14 00 00 00 F1 8E 7E BE 90 D3 E0 A1 91 0F E0 B7
0020 | 78 7C 77 60 A7 03 03 4FPayload (de)serialization:
req_pq_multi#be7e8ef1 nonce:int128 = ResPQ;| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
| message_id | 8, 8 | 107D0D00E4E8B668 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| message_length | 16, 4 | 14000000 (20 in decimal) |
Message body length |
| %(req_pq_multi) | 20, 4 | f18e7ebe |
req_pq_multi constructor number from TL schema |
| nonce | 24, 16 | 90D3E0A1910FE0B7787C7760A703034F |
Random number |
Received payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 01 04 D1 E5 E4 E8 B6 68
0010 | 50 00 00 00 63 24 16 05 90 D3 E0 A1 91 0F E0 B7
0020 | 78 7C 77 60 A7 03 03 4F 0D D3 27 24 AE 41 E7 4D
0030 | 3C 05 6A B0 69 7A 08 30 08 1C 37 0C 86 76 0B B9
0040 | A9 00 00 00 15 C4 B5 1C 03 00 00 00 85 FD 64 DE
0050 | 85 1D 9D D0 A5 B7 F7 09 35 5F C3 0B 21 6B E8 6C
0060 | 02 2B B4 C3Payload (de)serialization:
resPQ#05162463 nonce:int128 server_nonce:int128 pq:string server_public_key_fingerprints:Vector<strlong> = ResPQ;| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
| message_id | 8, 8 | 0104D1E5E4E8B668 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| message_length | 16, 4 | 50000000 (80 in decimal) |
Message body length |
| %(resPQ) | 20, 4 | 63241605 |
resPQ constructor number from TL schema |
| nonce | 24, 16 | 90D3E0A1910FE0B7787C7760A703034F |
Value generated by client in Step 1 |
| server_nonce | 40, 16 | 0DD32724AE41E74D3C056AB0697A0830 |
Server-generated random number |
| pq | 56, 12 | 081C370C86760BB9A9000000TL byte deserialization => bigendian conversion to decimal => 2033107528426699177 |
Single-byte prefix denoting length, an 8-byte string, and three bytes of padding |
| %(Vector strlong) | 68, 4 | 15c4b51c |
Vector t constructor number from TL schema |
| count | 72, 4 | 03000000 |
Number of elements in server_public_key_fingerprints |
| server_public_key_fingerprints[0] | 76, 8 | 85FD64DE851D9DD0 |
64 lower-order bits of SHA1(server_public_key) |
| server_public_key_fingerprints[1] | 84, 8 | A5B7F709355FC30B |
64 lower-order bits of SHA1(server_public_key) |
| server_public_key_fingerprints[2] | 92, 8 | 216BE86C022BB4C3 |
64 lower-order bits of SHA1(server_public_key) |
In our case, the client only has the following public keys, with the following fingerprints:
85FD64DE851D9DD0Let's choose the only matching key, the one with fingerprint equal to 85FD64DE851D9DD0.
pq = 2033107528426699177Decompose into 2 prime cofactors p < q: 2033107528426699177 = 1140387769 * 1782821233
p = 1140387769
q = 1782821233encrypted_data payload generationFirst of all, generate an encrypted_data payload as follows:
Generated payload (excluding transport headers/trailers):
0000 | 95 5F F5 A9 08 1C 37 0C 86 76 0B B9 A9 00 00 00
0010 | 04 43 F8 EF B9 00 00 00 04 6A 43 B1 71 00 00 00
0020 | 90 D3 E0 A1 91 0F E0 B7 78 7C 77 60 A7 03 03 4F
0030 | 0D D3 27 24 AE 41 E7 4D 3C 05 6A B0 69 7A 08 30
0040 | 8A 10 FD 03 06 9D A5 DC 0F 38 F4 1C 8C 5D 44 46
0050 | 66 00 42 4A E5 BF C8 0E 9D B1 6E 4D 28 29 6E 42
0060 | 02 00 00 00Payload (de)serialization:
p_q_inner_data_dc#a9f55f95 pq:string p:string q:string nonce:int128 server_nonce:int128 new_nonce:int256 dc:int = P_Q_inner_data;| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| %(p_q_inner_data_dc) | 0, 4 | 955ff5a9 |
p_q_inner_data_dc constructor number from TL schema |
| pq | 4, 12 | 081C370C86760BB9A9000000TL byte deserialization => bigendian conversion to decimal => 2033107528426699177 |
Single-byte prefix denoting length, 8-byte string, and three bytes of padding |
| p | 16, 8 | 0443F8EFB9000000TL byte deserialization => bigendian conversion to decimal => 1140387769 |
First prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
| q | 24, 8 | 046A43B171000000TL byte deserialization => bigendian conversion to decimal => 1782821233 |
Second prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
| nonce | 32, 16 | 90D3E0A1910FE0B7787C7760A703034F |
Value generated by client in Step 1 |
| server_nonce | 48, 16 | 0DD32724AE41E74D3C056AB0697A0830 |
Value received from server in Step 2 |
| new_nonce | 64, 32 | 8A10FD03069DA5DC0F38F41C8C5D4446 6600424AE5BFC80E9DB16E4D28296E42 |
Client-generated random number |
| dc | 96, 4 | 02000000 (2 in decimal) |
DC ID: 10000 (decimal) has to be added to the DC ID to connect to the test servers; it has to be made negative if the DC we're connecting to is a media (not CDN) DC. |
The serialization of P_Q_inner_data produces data, which is used to generate encrypted_data as specified in step 4.1.
These are the inputs to the algorithm specified in step 4.1:
data = 955FF5A9081C370C86760BB9A90000000443F8EFB9000000046A43B17100000090D3E0A1910FE0B7787C7760A703034F0DD32724AE41E74D3C056AB0697A08308A10FD03069DA5DC0F38F41C8C5D44466600424AE5BFC80E9DB16E4D28296E4202000000
random_padding_bytes = 827FC6F1711641E6B6168748BFF3E4D38AB19EAC69F827371B1F534AC3FAB26AF7A7BD6EFF0F56743A0534B7DEC157E8F9CE7EE1FC67303C1BCBB2DDB092F44C96A093AE769B23112183D3E06C2F5DC0A66756B5D9D35217FD81178DAnd this is the output:
encrypted_data = AD9AD1F94C9B2322A69C660734BF2B5538BB8D5DC3E249774720A6725AF3F0ACE47C954E67DF88BE1A9B4AA2944480673328B3DF3881B2BB2AF5CC405BAB863E2F1C4EF5E4A1201FCA2009B3ED3669EC73411B014CCE84A67BC84D72C4023EE520B936BD54C55F98539B585DB5C9875098636E0DA90FD50F5E72C35E3CBCE43180440245C74C88917FA92B7859BEA03977A4772E0FDBEA9972B52BDEF3B1EEBDD1C921364D5EC64CA5F089DEB19425560BD5A2A7FEC42E7036B6FBD2C4188C4173268ECCAC66E53FCE5B64D36EF6900B885C01FFB06F162AE518898873143AE10F55A57610481A1A62C105B7F25CC2446C81FA538A7437C087C8F3A6E07B722FThe length of the final string is 256 bytes.
encrypted_dataSent payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 14 7D 0D 00 E4 E8 B6 68
0010 | 40 01 00 00 BE E4 12 D7 90 D3 E0 A1 91 0F E0 B7
0020 | 78 7C 77 60 A7 03 03 4F 0D D3 27 24 AE 41 E7 4D
0030 | 3C 05 6A B0 69 7A 08 30 04 43 F8 EF B9 00 00 00
0040 | 04 6A 43 B1 71 00 00 00 85 FD 64 DE 85 1D 9D D0
0050 | FE 00 01 00 AD 9A D1 F9 4C 9B 23 22 A6 9C 66 07
0060 | 34 BF 2B 55 38 BB 8D 5D C3 E2 49 77 47 20 A6 72
0070 | 5A F3 F0 AC E4 7C 95 4E 67 DF 88 BE 1A 9B 4A A2
0080 | 94 44 80 67 33 28 B3 DF 38 81 B2 BB 2A F5 CC 40
0090 | 5B AB 86 3E 2F 1C 4E F5 E4 A1 20 1F CA 20 09 B3
00A0 | ED 36 69 EC 73 41 1B 01 4C CE 84 A6 7B C8 4D 72
00B0 | C4 02 3E E5 20 B9 36 BD 54 C5 5F 98 53 9B 58 5D
00C0 | B5 C9 87 50 98 63 6E 0D A9 0F D5 0F 5E 72 C3 5E
00D0 | 3C BC E4 31 80 44 02 45 C7 4C 88 91 7F A9 2B 78
00E0 | 59 BE A0 39 77 A4 77 2E 0F DB EA 99 72 B5 2B DE
00F0 | F3 B1 EE BD D1 C9 21 36 4D 5E C6 4C A5 F0 89 DE
0100 | B1 94 25 56 0B D5 A2 A7 FE C4 2E 70 36 B6 FB D2
0110 | C4 18 8C 41 73 26 8E CC AC 66 E5 3F CE 5B 64 D3
0120 | 6E F6 90 0B 88 5C 01 FF B0 6F 16 2A E5 18 89 88
0130 | 73 14 3A E1 0F 55 A5 76 10 48 1A 1A 62 C1 05 B7
0140 | F2 5C C2 44 6C 81 FA 53 8A 74 37 C0 87 C8 F3 A6
0150 | E0 7B 72 2FPayload (de)serialization:
req_DH_params#d712e4be nonce:int128 server_nonce:int128 p:string q:string public_key_fingerprint:long encrypted_data:string = Server_DH_Params;| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
| message_id | 8, 8 | 147D0D00E4E8B668 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| message_length | 16, 4 | 40010000 (320 in decimal) |
Message body length |
| %(req_DH_params) | 20, 4 | bee412d7 |
req_DH_params constructor number from TL schema |
| nonce | 24, 16 | 90D3E0A1910FE0B7787C7760A703034F |
Value generated by client in Step 1 |
| server_nonce | 40, 16 | 0DD32724AE41E74D3C056AB0697A0830 |
Value received from server in Step 2 |
| p | 56, 8 | 0443F8EFB9000000TL byte deserialization => bigendian conversion to decimal => 1140387769 |
First prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
| q | 64, 8 | 046A43B171000000TL byte deserialization => bigendian conversion to decimal => 1782821233 |
Second prime cofactor: single-byte prefix denoting length, 4-byte string, and three bytes of padding |
| public_key_fingerprint | 72, 8 | 85FD64DE851D9DD0 |
fingerprint of public key used |
| encrypted_data | 80, 260 | FE000100AD9AD1F94C9B2322A69C6607 34BF2B5538BB8D5DC3E249774720A672 5AF3F0ACE47C954E67DF88BE1A9B4AA2 944480673328B3DF3881B2BB2AF5CC40 5BAB863E2F1C4EF5E4A1201FCA2009B3 ED3669EC73411B014CCE84A67BC84D72 C4023EE520B936BD54C55F98539B585D B5C9875098636E0DA90FD50F5E72C35E 3CBCE43180440245C74C88917FA92B78 59BEA03977A4772E0FDBEA9972B52BDE F3B1EEBDD1C921364D5EC64CA5F089DE B19425560BD5A2A7FEC42E7036B6FBD2 C4188C4173268ECCAC66E53FCE5B64D3 6EF6900B885C01FFB06F162AE5188988 73143AE10F55A57610481A1A62C105B7 F25CC2446C81FA538A7437C087C8F3A6E07B722F |
Value generated above |
Received payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 01 28 46 15 E5 E8 B6 68
0010 | 78 02 00 00 5C 07 E8 D0 90 D3 E0 A1 91 0F E0 B7
0020 | 78 7C 77 60 A7 03 03 4F 0D D3 27 24 AE 41 E7 4D
0030 | 3C 05 6A B0 69 7A 08 30 FE 50 02 00 B9 09 1F B5
0040 | DF F3 2C 17 CC CA FC D8 B4 FF ED 55 21 DB 54 F2
0050 | 0A 27 02 8A 8A 7E 73 13 01 FF 52 B1 CA F4 CC 6B
0060 | 72 D8 34 F7 01 9B 0B 8A 0F CE 1C 3F 1E 82 4C 50
0070 | A5 C0 E3 4C 4E 98 36 DF 5E 1E A2 71 FE 40 E4 EB
0080 | 46 00 2D C1 0B D4 64 17 2E 44 D1 1C B2 77 68 C8
0090 | AE 05 27 D4 03 D8 AA ED A7 99 BC DC EE F6 01 50
00A0 | BF B3 80 38 1E F7 CD 90 D3 2F EC C0 A4 39 45 6C
00B0 | 9B EF 85 FB 70 97 70 D6 5A D7 C0 F3 3F 08 58 BF
00C0 | 19 2C AF C5 1C 95 5A 94 04 20 ED 62 73 EE 55 1E
00D0 | 82 04 37 05 AA 3E 93 BA FB 45 3D 24 DA 73 FE 5F
00E0 | FA 9F D4 EB 72 7C 67 34 54 34 E3 C5 CE 79 36 EC
00F0 | E4 EB 5F 6F 7C 05 FA 8F 9D A7 69 51 73 11 9D 6B
0100 | 36 CF 21 21 5E B7 82 8B 9E B7 B1 53 88 CB 00 6E
0110 | 78 B0 45 DB B4 58 35 F6 13 43 39 A4 0E A4 26 4D
0120 | C1 9F F0 B4 E1 4E 1F AF 1D E4 FC DC 6A 7A C9 F3
0130 | 96 A0 50 02 FA 11 A5 65 3B 24 4A B1 E2 EA A7 AF
0140 | CD 1C 09 C5 18 B7 F5 99 78 5E BC 7A 8D 6F 95 FC
0150 | 89 A8 04 9C 33 05 59 5F 91 C1 95 40 A6 07 07 E2
0160 | 0B 29 A7 04 55 63 5F 2A 4E 13 E8 A1 A5 8A D5 90
0170 | EE 4A 0B B5 7F 77 9F 76 D0 E5 31 DA 68 E2 11 9D
0180 | 04 16 80 3E 03 1D 58 D7 64 A6 78 92 36 F0 92 1D
0190 | 7A 24 DC 19 9A 16 01 DE 56 0A F1 82 0B 85 02 A1
01A0 | 3E 4B 80 5F 03 DB F2 1B 2B 68 D9 30 65 D0 BF 9B
01B0 | 5C CA 98 D5 43 92 32 57 0B A9 6D C7 DA F0 66 15
01C0 | D7 07 DF E3 13 B7 15 44 98 4C A6 26 A3 C8 3C 2F
01D0 | 15 85 66 24 CE 9A 29 74 9A 29 47 7E A2 60 84 F4
01E0 | 93 5A D6 AE AE FA 2C 3B D4 CC 3F 01 3E 89 A4 DC
01F0 | E8 C9 09 E2 8D 54 B8 76 2B 7B 34 DC 20 47 B1 C8
0200 | 64 CD BB 93 F0 F1 E6 8F 2A 0A 4F AB EC 6F 49 E8
0210 | DE 6D 20 1D CA 79 20 45 1D 01 61 AA 40 55 35 68
0220 | 41 4C FF 1F AA EC BE 16 71 E0 D7 97 EE 6F DE 4D
0230 | 4D F2 ED 57 4E DC 1E 40 CF C4 CB 4F D2 27 EB E8
0240 | 4B 5C D5 57 AE E3 5A 09 F7 B9 9A E6 5E C8 09 F8
0250 | E0 6A 2D 8C B5 C1 2A 61 A7 DD BB F4 BB 92 9D 1F
0260 | C1 89 FA 08 88 16 BA FC 99 66 E6 35 89 25 A9 D1
0270 | A4 25 83 33 DC 76 D6 C2 5E 24 DE AB 61 34 0E 91
0280 | 4A B7 18 21 33 DA A4 F8 4E 9D DB A6Payload (de)serialization:
server_DH_params_ok#d0e8075c nonce:int128 server_nonce:int128 encrypted_answer:string = Server_DH_Params;| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
| message_id | 8, 8 | 01284615E5E8B668 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| message_length | 16, 4 | 78020000 (632 in decimal) |
Message body length |
| %(server_DH_params_ok) | 20, 4 | 5c07e8d0 |
server_DH_params_ok constructor number from TL schema |
| nonce | 24, 16 | 90D3E0A1910FE0B7787C7760A703034F |
Value generated by client in Step 1 |
| server_nonce | 40, 16 | 0DD32724AE41E74D3C056AB0697A0830 |
Value received from server in Step 2 |
| encrypted_answer | 56, 596 | FE500200B9091FB5DFF32C17CCCAFCD8 B4FFED5521DB54F20A27028A8A7E7313 01FF52B1CAF4CC6B72D834F7019B0B8A 0FCE1C3F1E824C50A5C0E34C4E9836DF 5E1EA271FE40E4EB46002DC10BD46417 2E44D11CB27768C8AE0527D403D8AAED A799BCDCEEF60150BFB380381EF7CD90 D32FECC0A439456C9BEF85FB709770D6 5AD7C0F33F0858BF192CAFC51C955A94 0420ED6273EE551E82043705AA3E93BA FB453D24DA73FE5FFA9FD4EB727C6734 5434E3C5CE7936ECE4EB5F6F7C05FA8F 9DA7695173119D6B36CF21215EB7828B 9EB7B15388CB006E78B045DBB45835F6 134339A40EA4264DC19FF0B4E14E1FAF 1DE4FCDC6A7AC9F396A05002FA11A565 3B244AB1E2EAA7AFCD1C09C518B7F599 785EBC7A8D6F95FC89A8049C3305595F 91C19540A60707E20B29A70455635F2A 4E13E8A1A58AD590EE4A0BB57F779F76 D0E531DA68E2119D0416803E031D58D7 64A6789236F0921D7A24DC199A1601DE 560AF1820B8502A13E4B805F03DBF21B 2B68D93065D0BF9B5CCA98D543923257 0BA96DC7DAF06615D707DFE313B71544 984CA626A3C83C2F15856624CE9A2974 9A29477EA26084F4935AD6AEAEFA2C3B D4CC3F013E89A4DCE8C909E28D54B876 2B7B34DC2047B1C864CDBB93F0F1E68F 2A0A4FABEC6F49E8DE6D201DCA792045 1D0161AA40553568414CFF1FAAECBE16 71E0D797EE6FDE4D4DF2ED574EDC1E40 CFC4CB4FD227EBE84B5CD557AEE35A09 F7B99AE65EC809F8E06A2D8CB5C12A61 A7DDBBF4BB929D1FC189FA088816BAFC 9966E6358925A9D1A4258333DC76D6C2 5E24DEAB61340E914AB7182133DAA4F84E9DDBA6 |
See below |
Decrypt encrypted_answer using the reverse of the process specified in step 6:
encrypted_answer = B9091FB5DFF32C17CCCAFCD8B4FFED5521DB54F20A27028A8A7E731301FF52B1CAF4CC6B72D834F7019B0B8A0FCE1C3F1E824C50A5C0E34C4E9836DF5E1EA271FE40E4EB46002DC10BD464172E44D11CB27768C8AE0527D403D8AAEDA799BCDCEEF60150BFB380381EF7CD90D32FECC0A439456C9BEF85FB709770D65AD7C0F33F0858BF192CAFC51C955A940420ED6273EE551E82043705AA3E93BAFB453D24DA73FE5FFA9FD4EB727C67345434E3C5CE7936ECE4EB5F6F7C05FA8F9DA7695173119D6B36CF21215EB7828B9EB7B15388CB006E78B045DBB45835F6134339A40EA4264DC19FF0B4E14E1FAF1DE4FCDC6A7AC9F396A05002FA11A5653B244AB1E2EAA7AFCD1C09C518B7F599785EBC7A8D6F95FC89A8049C3305595F91C19540A60707E20B29A70455635F2A4E13E8A1A58AD590EE4A0BB57F779F76D0E531DA68E2119D0416803E031D58D764A6789236F0921D7A24DC199A1601DE560AF1820B8502A13E4B805F03DBF21B2B68D93065D0BF9B5CCA98D5439232570BA96DC7DAF06615D707DFE313B71544984CA626A3C83C2F15856624CE9A29749A29477EA26084F4935AD6AEAEFA2C3BD4CC3F013E89A4DCE8C909E28D54B8762B7B34DC2047B1C864CDBB93F0F1E68F2A0A4FABEC6F49E8DE6D201DCA7920451D0161AA40553568414CFF1FAAECBE1671E0D797EE6FDE4D4DF2ED574EDC1E40CFC4CB4FD227EBE84B5CD557AEE35A09F7B99AE65EC809F8E06A2D8CB5C12A61A7DDBBF4BB929D1FC189FA088816BAFC9966E6358925A9D1A4258333DC76D6C25E24DEAB61340E914AB7182133DAA4F84E9DDBA6
tmp_aes_key = 11741F285D4F118ECB347B746D979EFC9131258499E195BE2AA09521DA6F6B28
tmp_aes_iv = 003262276B6B21D161A6ED656B2CADBE7196465EADDFBE4D1DAF39D18A10FD03Yielding:
answer_with_hash = 8A52A156AB348AC2E0A3CF652589B39E0DF3AD23BA0D89B590D3E0A1910FE0B7787C7760A703034F0DD32724AE41E74D3C056AB0697A083003000000FE000100C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5BFE0001001FCD6000D692CB468D606A3691A953608D3C6410585F92A93F75C5E9FFE5E42686A0346CAD67C69D48500E58C41458C6D285A21C9128A34D86F60187DC0071BC37FE8826E7771110182EF0C7EA3151C95F8158E8E39D14DCC11A31BECC0765F5F10A2E67725FA176E9927992DF26A85A75A03AC582CAB5C94FB7EE36420928A1AAEDF2424A1EAAE9CF00F1331CB1A2736C0741FA38BA5CF95D7DB2383C4DE412A139442619BB4757274E10C4A82FC417BD14B40E9EFDF3675E70FCCA0565F8A8FB9D9D4FD2A0CB48133D9772938868711C71DF784997A5FF650F92D8110ABAF49EC883DD7AF59D1012D6CC3C9EA6A56390663F0D67A0B239342176DD5861DC65E5E8B66810726E48AEB539AE
answer = BA0D89B590D3E0A1910FE0B7787C7760A703034F0DD32724AE41E74D3C056AB0697A083003000000FE000100C71CAEB9C6B1C9048E6C522F70F13F73980D40238E3E21C14934D037563D930F48198A0AA7C14058229493D22530F4DBFA336F6E0AC925139543AED44CCE7C3720FD51F69458705AC68CD4FE6B6B13ABDC9746512969328454F18FAF8C595F642477FE96BB2A941D5BCD1D4AC8CC49880708FA9B378E3C4F3A9060BEE67CF9A4A4A695811051907E162753B56B0F6B410DBA74D8A84B2A14B3144E0EF1284754FD17ED950D5965B4B9DD46582DB1178D169C6BC465B0D6FF9CA3928FEF5B9AE4E418FC15E83EBEA0F87FA9FF5EED70050DED2849F47BF959D956850CE929851F0D8115F635B105EE2E4E15D04B2454BF6F4FADF034B10403119CD8E3B92FCC5BFE0001001FCD6000D692CB468D606A3691A953608D3C6410585F92A93F75C5E9FFE5E42686A0346CAD67C69D48500E58C41458C6D285A21C9128A34D86F60187DC0071BC37FE8826E7771110182EF0C7EA3151C95F8158E8E39D14DCC11A31BECC0765F5F10A2E67725FA176E9927992DF26A85A75A03AC582CAB5C94FB7EE36420928A1AAEDF2424A1EAAE9CF00F1331CB1A2736C0741FA38BA5CF95D7DB2383C4DE412A139442619BB4757274E10C4A82FC417BD14B40E9EFDF3675E70FCCA0565F8A8FB9D9D4FD2A0CB48133D9772938868711C71DF784997A5FF650F92D8110ABAF49EC883DD7AF59D1012D6CC3C9EA6A56390663F0D67A0B239342176DD5861DC65E5E8B66810726E48AEB539AEGenerated payload (excluding transport headers/trailers):
0000 | BA 0D 89 B5 90 D3 E0 A1 91 0F E0 B7 78 7C 77 60
0010 | A7 03 03 4F 0D D3 27 24 AE 41 E7 4D 3C 05 6A B0
0020 | 69 7A 08 30 03 00 00 00 FE 00 01 00 C7 1C AE B9
0030 | C6 B1 C9 04 8E 6C 52 2F 70 F1 3F 73 98 0D 40 23
0040 | 8E 3E 21 C1 49 34 D0 37 56 3D 93 0F 48 19 8A 0A
0050 | A7 C1 40 58 22 94 93 D2 25 30 F4 DB FA 33 6F 6E
0060 | 0A C9 25 13 95 43 AE D4 4C CE 7C 37 20 FD 51 F6
0070 | 94 58 70 5A C6 8C D4 FE 6B 6B 13 AB DC 97 46 51
0080 | 29 69 32 84 54 F1 8F AF 8C 59 5F 64 24 77 FE 96
0090 | BB 2A 94 1D 5B CD 1D 4A C8 CC 49 88 07 08 FA 9B
00A0 | 37 8E 3C 4F 3A 90 60 BE E6 7C F9 A4 A4 A6 95 81
00B0 | 10 51 90 7E 16 27 53 B5 6B 0F 6B 41 0D BA 74 D8
00C0 | A8 4B 2A 14 B3 14 4E 0E F1 28 47 54 FD 17 ED 95
00D0 | 0D 59 65 B4 B9 DD 46 58 2D B1 17 8D 16 9C 6B C4
00E0 | 65 B0 D6 FF 9C A3 92 8F EF 5B 9A E4 E4 18 FC 15
00F0 | E8 3E BE A0 F8 7F A9 FF 5E ED 70 05 0D ED 28 49
0100 | F4 7B F9 59 D9 56 85 0C E9 29 85 1F 0D 81 15 F6
0110 | 35 B1 05 EE 2E 4E 15 D0 4B 24 54 BF 6F 4F AD F0
0120 | 34 B1 04 03 11 9C D8 E3 B9 2F CC 5B FE 00 01 00
0130 | 1F CD 60 00 D6 92 CB 46 8D 60 6A 36 91 A9 53 60
0140 | 8D 3C 64 10 58 5F 92 A9 3F 75 C5 E9 FF E5 E4 26
0150 | 86 A0 34 6C AD 67 C6 9D 48 50 0E 58 C4 14 58 C6
0160 | D2 85 A2 1C 91 28 A3 4D 86 F6 01 87 DC 00 71 BC
0170 | 37 FE 88 26 E7 77 11 10 18 2E F0 C7 EA 31 51 C9
0180 | 5F 81 58 E8 E3 9D 14 DC C1 1A 31 BE CC 07 65 F5
0190 | F1 0A 2E 67 72 5F A1 76 E9 92 79 92 DF 26 A8 5A
01A0 | 75 A0 3A C5 82 CA B5 C9 4F B7 EE 36 42 09 28 A1
01B0 | AA ED F2 42 4A 1E AA E9 CF 00 F1 33 1C B1 A2 73
01C0 | 6C 07 41 FA 38 BA 5C F9 5D 7D B2 38 3C 4D E4 12
01D0 | A1 39 44 26 19 BB 47 57 27 4E 10 C4 A8 2F C4 17
01E0 | BD 14 B4 0E 9E FD F3 67 5E 70 FC CA 05 65 F8 A8
01F0 | FB 9D 9D 4F D2 A0 CB 48 13 3D 97 72 93 88 68 71
0200 | 1C 71 DF 78 49 97 A5 FF 65 0F 92 D8 11 0A BA F4
0210 | 9E C8 83 DD 7A F5 9D 10 12 D6 CC 3C 9E A6 A5 63
0220 | 90 66 3F 0D 67 A0 B2 39 34 21 76 DD 58 61 DC 65
0230 | E5 E8 B6 68Payload (de)serialization:
server_DH_inner_data#b5890dba nonce:int128 server_nonce:int128 g:int dh_prime:string g_a:string server_time:int = Server_DH_inner_data;| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| %(server_DH_inner_data) | 0, 4 | ba0d89b5 |
server_DH_inner_data constructor number from TL schema |
| nonce | 4, 16 | 90D3E0A1910FE0B7787C7760A703034F |
Value generated by client in Step 1 |
| server_nonce | 20, 16 | 0DD32724AE41E74D3C056AB0697A0830 |
Value received from server in Step 2 |
| g | 36, 4 | 03000000 (3 in decimal) |
Value received from server in Step 2 |
| dh_prime | 40, 260 | FE000100C71CAEB9C6B1C9048E6C522F 70F13F73980D40238E3E21C14934D037 563D930F48198A0AA7C14058229493D2 2530F4DBFA336F6E0AC925139543AED4 4CCE7C3720FD51F69458705AC68CD4FE 6B6B13ABDC9746512969328454F18FAF 8C595F642477FE96BB2A941D5BCD1D4A C8CC49880708FA9B378E3C4F3A9060BE E67CF9A4A4A695811051907E162753B5 6B0F6B410DBA74D8A84B2A14B3144E0E F1284754FD17ED950D5965B4B9DD4658 2DB1178D169C6BC465B0D6FF9CA3928F EF5B9AE4E418FC15E83EBEA0F87FA9FF 5EED70050DED2849F47BF959D956850C E929851F0D8115F635B105EE2E4E15D0 4B2454BF6F4FADF034B10403119CD8E3B92FCC5B |
2048-bit prime, in big-endian byte order, to be checked as specified in the auth key docs |
| g_a | 300, 260 | FE0001001FCD6000D692CB468D606A36 91A953608D3C6410585F92A93F75C5E9 FFE5E42686A0346CAD67C69D48500E58 C41458C6D285A21C9128A34D86F60187 DC0071BC37FE8826E7771110182EF0C7 EA3151C95F8158E8E39D14DCC11A31BE CC0765F5F10A2E67725FA176E9927992 DF26A85A75A03AC582CAB5C94FB7EE36 420928A1AAEDF2424A1EAAE9CF00F133 1CB1A2736C0741FA38BA5CF95D7DB238 3C4DE412A139442619BB4757274E10C4 A82FC417BD14B40E9EFDF3675E70FCCA 0565F8A8FB9D9D4FD2A0CB48133D9772 938868711C71DF784997A5FF650F92D8 110ABAF49EC883DD7AF59D1012D6CC3C 9EA6A56390663F0D67A0B239342176DD5861DC65 |
g_a diffie-hellman parameter |
| server_time | 560, 4 | E5E8B668 (1756817637 in decimal) |
Server time |
First, generate a secure random 2048-bit number b:
b = 0C6FEE605D3A223C0554F39323DCB12674BA6FEAD44D8CE42B0B58B61CAC441136AC0BB2922B2CCD56854CBA371A0E37F7C2E9B864BA71C35AB9D064BFFA9AF7EC91FBB2DD4EE837390C7703FF5DA23AC1B1895125F37C43B22CA1E289A1DA0CAEAC385E9EF8054CAD87EF1376A5A792D5346CA6B0B55A25783CBBF7B228857B75089B0396CBD938C38F7035D1C63A0387EC373354FD237CB43BCCE1CD208A7105EB84F9BD929F6FC61F26EC4D1283C6900723ED548385D9B1F170BF06E71F383286E58A640CB183D0DF3A351FE26B4AE73C66ED42BC1088A4B9DBE74BD93BD3B80D35C360B357441D471FD2A3C2C980CDA778E74C8610B8926D486D61BC5C63Then compute g_b = pow(g, b) mod dh_prime
g_b = 3EF54F3181D587C125A20D23942BF3917A2D2146A838C3C35D9428B7667B333F34F582CEBFC0EDB77176C502617DEBBA7753FFC34FF55C86EB8B5032B5B66BB3B04FD80681899F80EC01050EB5C25436BB7D47437B83BC079B6325D00D27694B7D10D29C6E88B388AA7E261CA94F2C4167DEC1C1FF961EA550C0403032400720F8207F60966A03D1FD4F40570DBE5158E4DB3EC277B9A6AE16EB2262311312EECF542DF006EBFD27F9312C3E686D88E3A365CAD8A3AA397240FF01A6C2239C432686A2A1E4ABD4C140EAD209DA579E10C9779685F8018C081E252479BCB0B97C48489D6393460F238E6DB7BCAF788B2CD6129481548DC6A0B6FF8904E6FE183BGenerated payload (excluding transport headers/trailers):
0000 | 54 B6 43 66 90 D3 E0 A1 91 0F E0 B7 78 7C 77 60
0010 | A7 03 03 4F 0D D3 27 24 AE 41 E7 4D 3C 05 6A B0
0020 | 69 7A 08 30 00 00 00 00 00 00 00 00 FE 00 01 00
0030 | 3E F5 4F 31 81 D5 87 C1 25 A2 0D 23 94 2B F3 91
0040 | 7A 2D 21 46 A8 38 C3 C3 5D 94 28 B7 66 7B 33 3F
0050 | 34 F5 82 CE BF C0 ED B7 71 76 C5 02 61 7D EB BA
0060 | 77 53 FF C3 4F F5 5C 86 EB 8B 50 32 B5 B6 6B B3
0070 | B0 4F D8 06 81 89 9F 80 EC 01 05 0E B5 C2 54 36
0080 | BB 7D 47 43 7B 83 BC 07 9B 63 25 D0 0D 27 69 4B
0090 | 7D 10 D2 9C 6E 88 B3 88 AA 7E 26 1C A9 4F 2C 41
00A0 | 67 DE C1 C1 FF 96 1E A5 50 C0 40 30 32 40 07 20
00B0 | F8 20 7F 60 96 6A 03 D1 FD 4F 40 57 0D BE 51 58
00C0 | E4 DB 3E C2 77 B9 A6 AE 16 EB 22 62 31 13 12 EE
00D0 | CF 54 2D F0 06 EB FD 27 F9 31 2C 3E 68 6D 88 E3
00E0 | A3 65 CA D8 A3 AA 39 72 40 FF 01 A6 C2 23 9C 43
00F0 | 26 86 A2 A1 E4 AB D4 C1 40 EA D2 09 DA 57 9E 10
0100 | C9 77 96 85 F8 01 8C 08 1E 25 24 79 BC B0 B9 7C
0110 | 48 48 9D 63 93 46 0F 23 8E 6D B7 BC AF 78 8B 2C
0120 | D6 12 94 81 54 8D C6 A0 B6 FF 89 04 E6 FE 18 3BPayload (de)serialization:
client_DH_inner_data#6643b654 nonce:int128 server_nonce:int128 retry_id:long g_b:string = Client_DH_Inner_Data;| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| %(client_DH_inner_data) | 0, 4 | 54b64366 |
client_DH_inner_data constructor number from TL schema |
| nonce | 4, 16 | 90D3E0A1910FE0B7787C7760A703034F |
Value generated by client in Step 1 |
| server_nonce | 20, 16 | 0DD32724AE41E74D3C056AB0697A0830 |
Value received from server in Step 2 |
| g_b | 36, 260 | FE0001003EF54F3181D587C125A20D23 942BF3917A2D2146A838C3C35D9428B7 667B333F34F582CEBFC0EDB77176C502 617DEBBA7753FFC34FF55C86EB8B5032 B5B66BB3B04FD80681899F80EC01050E B5C25436BB7D47437B83BC079B6325D0 0D27694B7D10D29C6E88B388AA7E261C A94F2C4167DEC1C1FF961EA550C04030 32400720F8207F60966A03D1FD4F4057 0DBE5158E4DB3EC277B9A6AE16EB2262 311312EECF542DF006EBFD27F9312C3E 686D88E3A365CAD8A3AA397240FF01A6 C2239C432686A2A1E4ABD4C140EAD209 DA579E10C9779685F8018C081E252479 BCB0B97C48489D6393460F238E6DB7BC AF788B2CD6129481548DC6A0B6FF8904E6FE183B |
Single-byte prefix denoting length, a 256-byte (2048-bit) string, and zero bytes of padding |
| retry_id | 296, 8 | 0000000000000000 |
Equal to zero at the time of the first attempt; otherwise, it is equal to auth_key_aux_hash from the previous failed attempt (see Item 7). |
The serialization of Client_DH_Inner_Data produces a string data. This is used to generate encrypted_data as specified in step 6, using the following inputs:
data = 54B6436690D3E0A1910FE0B7787C7760A703034F0DD32724AE41E74D3C056AB0697A08300000000000000000FE0001003EF54F3181D587C125A20D23942BF3917A2D2146A838C3C35D9428B7667B333F34F582CEBFC0EDB77176C502617DEBBA7753FFC34FF55C86EB8B5032B5B66BB3B04FD80681899F80EC01050EB5C25436BB7D47437B83BC079B6325D00D27694B7D10D29C6E88B388AA7E261CA94F2C4167DEC1C1FF961EA550C0403032400720F8207F60966A03D1FD4F40570DBE5158E4DB3EC277B9A6AE16EB2262311312EECF542DF006EBFD27F9312C3E686D88E3A365CAD8A3AA397240FF01A6C2239C432686A2A1E4ABD4C140EAD209DA579E10C9779685F8018C081E252479BCB0B97C48489D6393460F238E6DB7BCAF788B2CD6129481548DC6A0B6FF8904E6FE183B
padding = 104D329406DECDE12E0DA9B1
tmp_aes_key = 11741F285D4F118ECB347B746D979EFC9131258499E195BE2AA09521DA6F6B28
tmp_aes_iv = 003262276B6B21D161A6ED656B2CADBE7196465EADDFBE4D1DAF39D18A10FD03Process:
data_with_hash := SHA1(data) + data + padding (0-15 random bytes such that total length is divisible by 16)
encrypted_data := AES256_ige_encrypt (data_with_hash, tmp_aes_key, tmp_aes_iv);Output:
encrypted_data = D7DBEF1121AB04C10ABAA33F911FD48598693BDF043FD4AEBD8BE1B22C6E0844A86F166189CB29113F6498982DDD7B2CA79BF7DC78BD0F11BD5D742A61DE95D8BBFA53BDD7E0E5AA56C6960003A627A7CB50D8D9114D69267E284A9BD8FA2F015BE6EDF03B809C79053EDDD66A0813EEB8529D1934BAA7EA990F8415C21C736EBA201B813119BB7FED931185A297AF907A94B68D2D7841D33016230D9306E8BF76769125E0CE2A9380F37C2A1522CCABE0639D9DBB6CF96FFEBE834E7D5F731DC1ED570A080EA8835921748F5C60DF4A8FBA793230E2C9BF3912C9D393FF3CD5D0A59DA46F1226FBFBC29263A2C5457E8D2F5050B79F54FEFCFFDF4A8378DAAD294621B61D0B16F70FFEAEBF160A552DB782763B8FA2C85331FC1028CBAD75FA20BEF9EB2BC45D155F5B9D2AA8548D3A79033D92BDC905D47FA14AA6348995C44F4DB7A3376BEE13CDC2F7EAE2E63780The length of the final string is 336 bytes.
Sent payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 6C 1E 0F 00 E5 E8 B6 68
0010 | 78 01 00 00 1F 5F 04 F5 90 D3 E0 A1 91 0F E0 B7
0020 | 78 7C 77 60 A7 03 03 4F 0D D3 27 24 AE 41 E7 4D
0030 | 3C 05 6A B0 69 7A 08 30 FE 50 01 00 D7 DB EF 11
0040 | 21 AB 04 C1 0A BA A3 3F 91 1F D4 85 98 69 3B DF
0050 | 04 3F D4 AE BD 8B E1 B2 2C 6E 08 44 A8 6F 16 61
0060 | 89 CB 29 11 3F 64 98 98 2D DD 7B 2C A7 9B F7 DC
0070 | 78 BD 0F 11 BD 5D 74 2A 61 DE 95 D8 BB FA 53 BD
0080 | D7 E0 E5 AA 56 C6 96 00 03 A6 27 A7 CB 50 D8 D9
0090 | 11 4D 69 26 7E 28 4A 9B D8 FA 2F 01 5B E6 ED F0
00A0 | 3B 80 9C 79 05 3E DD D6 6A 08 13 EE B8 52 9D 19
00B0 | 34 BA A7 EA 99 0F 84 15 C2 1C 73 6E BA 20 1B 81
00C0 | 31 19 BB 7F ED 93 11 85 A2 97 AF 90 7A 94 B6 8D
00D0 | 2D 78 41 D3 30 16 23 0D 93 06 E8 BF 76 76 91 25
00E0 | E0 CE 2A 93 80 F3 7C 2A 15 22 CC AB E0 63 9D 9D
00F0 | BB 6C F9 6F FE BE 83 4E 7D 5F 73 1D C1 ED 57 0A
0100 | 08 0E A8 83 59 21 74 8F 5C 60 DF 4A 8F BA 79 32
0110 | 30 E2 C9 BF 39 12 C9 D3 93 FF 3C D5 D0 A5 9D A4
0120 | 6F 12 26 FB FB C2 92 63 A2 C5 45 7E 8D 2F 50 50
0130 | B7 9F 54 FE FC FF DF 4A 83 78 DA AD 29 46 21 B6
0140 | 1D 0B 16 F7 0F FE AE BF 16 0A 55 2D B7 82 76 3B
0150 | 8F A2 C8 53 31 FC 10 28 CB AD 75 FA 20 BE F9 EB
0160 | 2B C4 5D 15 5F 5B 9D 2A A8 54 8D 3A 79 03 3D 92
0170 | BD C9 05 D4 7F A1 4A A6 34 89 95 C4 4F 4D B7 A3
0180 | 37 6B EE 13 CD C2 F7 EA E2 E6 37 80Payload (de)serialization:
set_client_DH_params#f5045f1f nonce:int128 server_nonce:int128 encrypted_data:string = Set_client_DH_params_answer;| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
| message_id | 8, 8 | 6C1E0F00E5E8B668 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| message_length | 16, 4 | 78010000 (376 in decimal) |
Message body length |
| %(set_client_DH_params) | 20, 4 | 1f5f04f5 |
set_client_DH_params constructor number from TL schema |
| nonce | 24, 16 | 90D3E0A1910FE0B7787C7760A703034F |
Value generated by client in Step 1 |
| server_nonce | 40, 16 | 0DD32724AE41E74D3C056AB0697A0830 |
Value received from server in Step 2 |
| encrypted_data | 56, 340 | FE500100D7DBEF1121AB04C10ABAA33F 911FD48598693BDF043FD4AEBD8BE1B2 2C6E0844A86F166189CB29113F649898 2DDD7B2CA79BF7DC78BD0F11BD5D742A 61DE95D8BBFA53BDD7E0E5AA56C69600 03A627A7CB50D8D9114D69267E284A9B D8FA2F015BE6EDF03B809C79053EDDD6 6A0813EEB8529D1934BAA7EA990F8415 C21C736EBA201B813119BB7FED931185 A297AF907A94B68D2D7841D33016230D 9306E8BF76769125E0CE2A9380F37C2A 1522CCABE0639D9DBB6CF96FFEBE834E 7D5F731DC1ED570A080EA8835921748F 5C60DF4A8FBA793230E2C9BF3912C9D3 93FF3CD5D0A59DA46F1226FBFBC29263 A2C5457E8D2F5050B79F54FEFCFFDF4A 8378DAAD294621B61D0B16F70FFEAEBF 160A552DB782763B8FA2C85331FC1028 CBAD75FA20BEF9EB2BC45D155F5B9D2A A8548D3A79033D92BDC905D47FA14AA6 348995C44F4DB7A3376BEE13CDC2F7EAE2E63780 |
Encrypted client_DH_inner_data generated previously, serialized as a TL byte string |
The client computes the auth_key using formula g_a^b mod dh_prime:
auth_key = 981B8EAE367FBCA315E761B3B99EB2218D13E6A5A015F1DF42F08F6CEF79C76C240580F3BD8EC49CE2D163240B850C457B4FB4A17C26B5F65D97F58A7839CAE0E15804807CF370BEF6762713F80FD5546B120C17B64D0A509EB6854D49D553ABC62E553196EE35DB27CCAC263B3CB6F78B8F1BB0FA5A5399C7E18A07F4A255A143C0E303F6C86D7961BCCBD45F310F46D5004D58912CA91F440632084FF54C6ED9EF0FADFCE2667D3930571A9A58399D2F8CFAECBD88485CA013C2A7E14C232AF6E231B62C4652CD1BFDED2A98F4F1A9E910644D78B1AE64851110DF09D9FA08D7F9D3BCA8E78D5F9E80FB9AF0914370B1D4F44529F9F41101F9FC09888E212BThe server verifies and confirms that auth_key_hash is unique: since it's unique, it replies with the following:
Received payload (excluding transport headers/trailers):
0000 | 00 00 00 00 00 00 00 00 01 84 74 6C E6 E8 B6 68
0010 | 34 00 00 00 34 F7 CB 3B 90 D3 E0 A1 91 0F E0 B7
0020 | 78 7C 77 60 A7 03 03 4F 0D D3 27 24 AE 41 E7 4D
0030 | 3C 05 6A B0 69 7A 08 30 EC B3 43 1A 6A 76 56 1B
0040 | 5C 91 3B 72 00 00 D8 B7Payload (de)serialization:
dh_gen_ok#3bcbf734 nonce:int128 server_nonce:int128 new_nonce_hash1:int128 = Set_client_DH_params_answer;| Parameter | Offset, Length in bytes | Value | Description |
|---|---|---|---|
| auth_key_id | 0, 8 | 0000000000000000 |
0 since the message is in plain text |
| message_id | 8, 8 | 0184746CE6E8B668 |
Message ID generated as specified here » (unixtime() << 32) + (N*4) |
| message_length | 16, 4 | 34000000 (52 in decimal) |
Message body length |
| %(dh_gen_ok) | 20, 4 | 34f7cb3b |
dh_gen_ok constructor number from TL schema |
| nonce | 24, 16 | 90D3E0A1910FE0B7787C7760A703034F |
Value generated by client in Step 1 |
| server_nonce | 40, 16 | 0DD32724AE41E74D3C056AB0697A0830 |
Value received from server in Step 2 |
| new_nonce_hash1 | 56, 16 | ECB3431A6A76561B5C913B720000D8B7 |
The 128 lower-order bits of SHA1 of the byte string derived from the new_nonce string by adding a single byte with the value of 1, 2, or 3, and followed by another 8 bytes with auth_key_aux_hash. Different values are required to prevent an intruder from changing server response dh_gen_ok into dh_gen_retry. |