From e2258ed728b45fbfe585de32d78aa1e25d80a7f2 Mon Sep 17 00:00:00 2001
From: gabixdev <gabixdeveloper@gmail.com>
Date: Fri, 1 Mar 2019 15:45:49 +0000
Subject: [PATCH] Make the secret actually secret, use HMAC for authentication

---
 docs/lvsp.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/lvsp.md b/docs/lvsp.md
index 375c54a..3e94116 100644
--- a/docs/lvsp.md
+++ b/docs/lvsp.md
@@ -66,6 +66,7 @@ Sent by the server when a connection is established.
 | field | type | description |
 | --: | :-- | :-- |
 | heartbeat\_interval | integer | amount of milliseconds to heartbeat with |
+| nonce | string | random 10-character string used as a message in HMAC authentication |
 
 ## IDENTIFY message
 
@@ -73,7 +74,7 @@ Sent by the client to identify itself.
 
 | field | type | description |
 | --: | :-- | :-- |
-| token | string | secret value kept between client and server |
+| token | string | `HMAC(SHA256, key=[secret shared between server and client]), data=[nonce from HELLO]` |
 
 ## RESUME message