--- gvpe/doc/gvpe.texi 2014/06/18 20:40:52 1.6 +++ gvpe/doc/gvpe.texi 2016/03/30 04:02:50 1.7 @@ -1191,7 +1191,7 @@ @cindex serial The configuration serial number. This can be any string up to 16 bytes length. Only when the serial matches on both sides of a conenction will the connection succeed. This is @emph{not} a security mechanism and eay to spoof, this mechanism exists to alert users that their config is outdated. @refill -It's recommended to specify this is a date string such as @t{2013-05-05} or @t{20121205084417).} +It's recommended to specify this is a date string such as @t{2013-05-05} or @t{20121205084417}. @refill The exact algorithm is as this: if a connection request is received form a node with an identical serial, then it succeeds normally. @refill 
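Review bot: the hunk fixes only the misplaced brace in `@t{20121205084417).}` but leaves three other defects in the same paragraph's unchanged context lines that should be fixed in the same change: "conenction" (connection), "eay to spoof" (easy to spoof), and "specify this is a date string" (specify this as a date string). Since the serial is explicitly documented as not a security mechanism, it would also help the reader to state in that sentence what the mismatch actually does, which the "exact algorithm" text below only describes for the identical-serial case.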
@@ -1864,18 +1864,14 @@ @example - +------+------+--------+------+-------+------+ - | HMAC | TYPE | SRCDST | RAND | SEQNO | DATA | - +------+------+--------+------+-------+------+ + +------+------+--------+-------+------+ + | HMAC | TYPE | SRCDST | SEQNO | DATA | + +------+------+--------+-------+------+ @end example -RAND is a sequence of fully random bytes, used to increase the entropy of the data for encryption purposes. -@refill SEQNO is a 32-bit sequence number. It is negotiated at every connection initialization and starts at some random 31 bit value. GVPE currently uses a sliding window of 512 packets/sequence numbers to detect reordering, duplication and replay attacks. @refill -The encryption is done on RAND+SEQNO+DATA in CBC mode with zero IV (or, equivalently, the IV is RAND+SEQNO, encrypted with the block cipher, unless RAND size is decreased or increased over the default value). -@refill -The random prefix itself is generated by using AES in CTR mode with a random key and starting value, which should make them unpredictable even before encrypting them again. The sequence number additionally ensures that the IV is unique. +The encryption is done on SEQNO+DATA in CTR mode with IV generated from the seqno (for AES: seqno || seqno || seqno || (u32)0), which ensures uniqueness for a given key. @refill
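Review bot: the new description is internally inconsistent: "The encryption is done on SEQNO+DATA in CTR mode with IV generated from the seqno" says the sequence number is inside the encrypted region, yet the receiver needs the seqno to build the IV before it can decrypt anything. Either SEQNO is also carried in the clear (and the packet diagram should show where), or the IV is derived from something else; the paragraph should say which. Two further points for the same hunk: the claim that the IV "ensures uniqueness for a given key" holds only until the 32-bit seqno wraps, and with the counter starting at a random 31-bit value and never re-randomised except at "connection initialization", the text should state that a new key is negotiated before wrap-around, since CTR keystream reuse under one key exposes plaintext XORs. Finally, the removed text referred to the RAND size being "decreased or increased over the default value", i.e. a tunable; if that setting still exists it should now be documented as ignored, and "for AES: seqno || seqno || seqno || (u32)0" should be accompanied by the IV layout for the other supported block sizes rather than only the 128-bit case.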