From 669eb02120bc84e8ce9b40c01c8260e0434e2ca4 Mon Sep 17 00:00:00 2001
From: Nik Graf <nik@nikgraf.com>
Date: Mon, 7 Aug 2023 20:54:44 +0200
Subject: [PATCH] update docs: clarify export_key and session_key length

---
 src/lib.rs | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/lib.rs b/src/lib.rs
index 16003642..ac3dfd44 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -523,8 +523,9 @@
 //!
 //! Upon a successful completion of the OPAQUE protocol (the client runs login
 //! with the same password used during registration), the client and server have
-//! access to a session key, which is a pseudorandomly distributed 32-byte
-//! string which only the client and server know. Multiple login runs using the
+//! access to a session key, which is a pseudorandomly distributed byte
+//! string (of length equal to the output size of [voprf::CipherSuite::Hash])
+//! which only the client and server know. Multiple login runs using the
 //! same password for the same client will produce different session keys,
 //! distributed as uniformly random strings. Thus, the session key can be used
 //! to establish a secure channel between the client and server.
@@ -620,11 +621,12 @@
 //!
 //! ## Export Key
 //!
-//! The export key is a pseudorandomly distributed 32-byte string output by both
-//! the [Client Registration Finish](#client-registration-finish) and [Client
-//! Login Finish](#client-login-finish) steps. The same export key string will
-//! be output by both functions only if the exact same password is passed to
-//! [ClientRegistration::start] and [ClientLogin::start].
+//! The export key is a pseudorandomly distributed byte string
+//! (of length equal to the output size of [voprf::CipherSuite::Hash]) output by
+//! both the [Client Registration Finish](#client-registration-finish) and
+//! [Client Login Finish](#client-login-finish) steps. The same export key
+//! string will be output by both functions only if the exact same password is
+//! passed to [ClientRegistration::start] and [ClientLogin::start].
 //!
 //! The export key retains as much secrecy as the password itself, and is
 //! similarly derived through an evaluation of the key stretching function.