diff --git a/docs/Engineering_Reference_Manual.md b/docs/Engineering_Reference_Manual.md index 36ccb6cf..cb99c593 100644 --- a/docs/Engineering_Reference_Manual.md +++ b/docs/Engineering_Reference_Manual.md @@ -350,7 +350,7 @@ This prevents brute-forcing the 6-character invite code space. The recovery phrase is the only human-readable secret in the system. It is never sent to the server in plaintext. -1. When an Android inviter creates a couple, `RecoveryKeyManager.generateRecoveryPhrase()` produces a 10-word phrase from a 256-word list. The phrase has roughly 80 bits of raw entropy; Argon2id makes brute-force infeasible. +1. When an Android inviter creates a couple, `RecoveryKeyManager.generateRecoveryPhrase()` produces a 10-word phrase from a 248-word list (the list is hard-coded as `WORDLIST` in `RecoveryKeyManager.kt`; the iOS `iphone/Closer/Crypto/Resources/wordlist.txt` is a verbatim copy with 248 entries). The phrase has roughly 80 bits of raw entropy (`248^10`); Argon2id makes brute-force infeasible. 2. The inviter encrypts the phrase with the invite code using `encryptPhraseWithCode` and stores the blob on the invite document. 3. The acceptor receives the encrypted blob, decrypts it with the same code, and stores the phrase locally. 4. The phrase is used to unwrap the couple keyset from `wrappedCoupleKey`.