diff --git a/services/tunnelbroker/src/Constants.h b/services/tunnelbroker/src/Constants.h
index 2f8285563..6f53c2f30 100644
--- a/services/tunnelbroker/src/Constants.h
+++ b/services/tunnelbroker/src/Constants.h
@@ -1,68 +1,72 @@
 #pragma once
 
 #include <cstdlib>
 #include <regex>
 #include <string>
 
 namespace comm {
 namespace network {
 
 // AWS DynamoDB
 const size_t DYNAMODB_MAX_BATCH_ITEMS = 25;
 const size_t DYNAMODB_BACKOFF_FIRST_RETRY_DELAY = 50;
 const size_t DYNAMODB_MAX_BACKOFF_TIME = 10000; // 10 seconds
 
 const std::string DEVICE_SESSIONS_TABLE_NAME = "tunnelbroker-device-sessions";
 const std::string DEVICE_SESSIONS_VERIFICATION_MESSAGES_TABLE_NAME =
     "tunnelbroker-verification-messages";
 const std::string DEVICE_PUBLIC_KEY_TABLE_NAME = "tunnelbroker-public-keys";
 const std::string MESSAGES_TABLE_NAME = "tunnelbroker-messages";
 
 // Sessions
 const size_t SIGNATURE_REQUEST_LENGTH = 64;
 const size_t SESSION_ID_LENGTH = 64;
 const size_t SESSION_RECORD_TTL = 30 * 24 * 3600; // 30 days
 const size_t SESSION_SIGN_RECORD_TTL = 24 * 3600; // 24 hours
 const std::regex SESSION_ID_FORMAT_REGEX(
     "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}");
 
 // AMQP (RabbitMQ)
 const std::string AMQP_FANOUT_EXCHANGE_NAME = "allBrokers";
 // Message broker queue message TTL
 const size_t AMQP_MESSAGE_TTL = 300 * 1000; // 5 min
 // queue TTL in case of no consumers (tunnelbroker is down)
 const size_t AMQP_QUEUE_TTL = 24 * 3600 * 1000; // 24 hours
 // routing message headers name
 const std::string AMQP_HEADER_FROM_DEVICEID = "fromDeviceID";
 const std::string AMQP_HEADER_TO_DEVICEID = "toDeviceID";
 const std::string AMQP_HEADER_MESSAGEID = "messageID";
 
 const size_t AMQP_RECONNECT_ATTEMPT_INTERVAL_MS = 3000;
 const size_t AMQP_RECONNECT_MAX_ATTEMPTS = 10;
 
 // DeviceID
 // DEVICEID_CHAR_LENGTH has to be kept in sync with deviceIDCharLength
 // which is defined in web/utils/device-id.js
+// and with DEVICE_ID_CHAR_LENGTH
+// defined in native/native_rust_library/src/crypto_tools.rs
 const size_t DEVICEID_CHAR_LENGTH = 64;
 // DEVICEID_FORMAT_REGEX has to be kept in sync with deviceIDFormatRegex
 // which is defined in web/utils/device-id.js
+// and with DEVICE_ID_FORMAT_REGEX
+// defined in native/native_rust_library/src/crypto_tools.rs
 const std::regex DEVICEID_FORMAT_REGEX(
     "^(ks|mobile|web):[a-zA-Z0-9]{" + std::to_string(DEVICEID_CHAR_LENGTH) +
     "}$");
 const size_t DEVICE_ONLINE_PING_INTERVAL_MS = 3000;
 
 // Config
 const std::string CONFIG_FILE_DIRECTORY_ENV_VARIABLE =
     "TUNNELBROKER_CONFIG_FILE_DIRECTORY";
 const std::string DEFAULT_CONFIG_FILE_DIRECTORY =
     std::string(std::getenv("HOME")) + "/tunnelbroker";
 const std::string CONFIG_FILE_NAME = "tunnelbroker.ini";
 const std::string SANDBOX_CONFIG_FILE_NAME = "tunnelbroker-sandbox.ini";
 
 // DeliveryBroker
 const size_t DELIVERY_BROKER_MAX_QUEUE_SIZE = 100;
 // Database messages TTL
 const size_t MESSAGE_RECORD_TTL = 300 * 24 * 60 * 60; // 300 days
 
 } // namespace network
 } // namespace comm
diff --git a/web/redux/device-id-updater.js b/web/redux/device-id-updater.js
index 4cbf0e445..b118ce2d4 100644
--- a/web/redux/device-id-updater.js
+++ b/web/redux/device-id-updater.js
@@ -1,28 +1,28 @@
 // @flow
 import * as React from 'react';
 import { useDispatch, useSelector } from 'react-redux';
 
-import { generateDeviceID, deviceIDTypes } from '../utils/device-id';
+import { generateDeviceID, deviceTypes } from '../utils/device-id';
 import { setDeviceIDActionType } from './action-types';
 
 function DeviceIDUpdater(): null {
   const dispatch = useDispatch();
   const deviceID = useSelector(state => state.deviceID);
   const hasDeviceID = !!deviceID;
   const hadDeviceIDRef = React.useRef<?boolean>(null);
 
   React.useEffect(() => {
     if (hadDeviceIDRef.current !== false && !hasDeviceID) {
-      const newDeviceID = generateDeviceID(deviceIDTypes.WEB);
+      const newDeviceID = generateDeviceID(deviceTypes.WEB);
       dispatch({
         type: setDeviceIDActionType,
         payload: newDeviceID,
       });
     }
     hadDeviceIDRef.current = hasDeviceID;
   }, [hasDeviceID, dispatch]);
 
   return null;
 }
 
 export default DeviceIDUpdater;
diff --git a/web/utils/device-id.js b/web/utils/device-id.js
index ddac03aec..163faf0be 100644
--- a/web/utils/device-id.js
+++ b/web/utils/device-id.js
@@ -1,43 +1,49 @@
 // @flow
 
 import invariant from 'invariant';
 
 import { generateRandomString } from './text-utils';
 
-const deviceIDTypes = Object.freeze({
+const deviceTypes = Object.freeze({
   KEYSERVER: 0,
   WEB: 1,
   MOBILE: 2,
 });
-type DeviceIDType = $Values<typeof deviceIDTypes>;
+type DeviceType = $Values<typeof deviceTypes>;
 
 const alphanumeric =
   '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
 // deviceIDCharLength has to be kept in sync with DEVICEID_CHAR_LENGTH
 // which is defined in services/tunnelbroker/src/Constants.h
+// and with DEVICE_ID_CHAR_LENGTH
+// defined in native/native_rust_library/src/crypto_tools.rs
 const deviceIDCharLength = 64;
 // deviceIDFormatRegex has to be kept in sync with DEVICEID_FORMAT_REGEX
 // which is defined in services/tunnelbroker/src/Constants.h
+// and with DEVICE_ID_FORMAT_REGEX
+// defined in native/native_rust_library/src/crypto_tools.rs
 const deviceIDFormatRegex: RegExp = new RegExp(
   `^(ks|mobile|web):[a-zA-Z0-9]{${deviceIDCharLength.toString()}}$`,
 );
 
-function generateDeviceID(type: DeviceIDType): string {
+// generateDeviceID has to be kept in sync with generate_device_id
+// which is defined in native/native_rust_library/src/crypto_tools.rs
+function generateDeviceID(type: DeviceType): string {
   const suffix = generateRandomString(deviceIDCharLength, alphanumeric);
 
-  if (type === deviceIDTypes.KEYSERVER) {
+  if (type === deviceTypes.KEYSERVER) {
     return `ks:${suffix}`;
-  } else if (type === deviceIDTypes.WEB) {
+  } else if (type === deviceTypes.WEB) {
     return `web:${suffix}`;
-  } else if (type === deviceIDTypes.MOBILE) {
+  } else if (type === deviceTypes.MOBILE) {
     return `mobile:${suffix}`;
   }
   invariant(false, `Unhandled device type ${type}`);
 }
 
 export {
   generateDeviceID,
   deviceIDCharLength,
-  deviceIDTypes,
+  deviceTypes,
   deviceIDFormatRegex,
 };
diff --git a/web/utils/device-id.test.js b/web/utils/device-id.test.js
index 589552d98..6a48a51c4 100644
--- a/web/utils/device-id.test.js
+++ b/web/utils/device-id.test.js
@@ -1,68 +1,66 @@
 // @flow
 
 import {
   generateDeviceID,
   deviceIDCharLength,
-  deviceIDTypes,
+  deviceTypes,
   deviceIDFormatRegex,
 } from './device-id';
 
 describe('generateDeviceID', () => {
   it(
-    'passed deviceIDTypes.KEYSERVER retruns a randomly generated string, ' +
+    'passed deviceTypes.KEYSERVER retruns a randomly generated string, ' +
       'subject to ^(ks|mobile|web):[a-zA-Z0-9]{DEVICEID_CHAR_LENGTH}$',
     () => {
-      expect(generateDeviceID(deviceIDTypes.KEYSERVER)).toMatch(
+      expect(generateDeviceID(deviceTypes.KEYSERVER)).toMatch(
         deviceIDFormatRegex,
       );
     },
   );
 
   it(
-    'passed deviceIDTypes.WEB retruns a randomly generated string, ' +
+    'passed deviceTypes.WEB retruns a randomly generated string, ' +
       'subject to ^(ks|mobile|web):[a-zA-Z0-9]{DEVICEID_CHAR_LENGTH}$',
     () => {
-      expect(generateDeviceID(deviceIDTypes.WEB)).toMatch(deviceIDFormatRegex);
+      expect(generateDeviceID(deviceTypes.WEB)).toMatch(deviceIDFormatRegex);
     },
   );
 
   it(
-    'passed deviceIDTypes.MOBILE retruns a randomly generated string, ' +
+    'passed deviceTypes.MOBILE retruns a randomly generated string, ' +
       'subject to ^(ks|mobile|web):[a-zA-Z0-9]{DEVICEID_CHAR_LENGTH}$',
     () => {
-      expect(generateDeviceID(deviceIDTypes.MOBILE)).toMatch(
-        deviceIDFormatRegex,
-      );
+      expect(generateDeviceID(deviceTypes.MOBILE)).toMatch(deviceIDFormatRegex);
     },
   );
 
   it(
-    'passed deviceIDTypes.KEYSERVER retruns a randomly generated string, ' +
+    'passed deviceTypes.KEYSERVER retruns a randomly generated string, ' +
       'subject to ^(ks):[a-zA-Z0-9]{DEVICEID_CHAR_LENGTH}$',
     () => {
-      expect(generateDeviceID(deviceIDTypes.KEYSERVER)).toMatch(
+      expect(generateDeviceID(deviceTypes.KEYSERVER)).toMatch(
         new RegExp(`^(ks):[a-zA-Z0-9]{${deviceIDCharLength.toString()}}$`),
       );
     },
   );
 
   it(
-    'passed deviceIDTypes.WEB retruns a randomly generated string, ' +
+    'passed deviceTypes.WEB retruns a randomly generated string, ' +
       'subject to ^(web):[a-zA-Z0-9]{DEVICEID_CHAR_LENGTH}$',
     () => {
-      expect(generateDeviceID(deviceIDTypes.WEB)).toMatch(
+      expect(generateDeviceID(deviceTypes.WEB)).toMatch(
         new RegExp(`^(web):[a-zA-Z0-9]{${deviceIDCharLength.toString()}}$`),
       );
     },
   );
 
   it(
-    'passed deviceIDTypes.MOBILE retruns a randomly generated string, ' +
+    'passed deviceTypes.MOBILE retruns a randomly generated string, ' +
       'subject to ^(mobile):[a-zA-Z0-9]{DEVICEID_CHAR_LENGTH}$',
     () => {
-      expect(generateDeviceID(deviceIDTypes.MOBILE)).toMatch(
+      expect(generateDeviceID(deviceTypes.MOBILE)).toMatch(
         new RegExp(`^(mobile):[a-zA-Z0-9]{${deviceIDCharLength.toString()}}$`),
       );
     },
   );
 });