diff options
| author | Joey Hess <joeyh@joeyh.name> | 2018-03-26 07:39:13 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2018-03-26 08:09:41 -0400 |
| commit | 8af994320d3cd343e038bd9721c5ecc80e4b9246 (patch) | |
| tree | b515bfaaefea900dbed45f48759168d2da424a31 | |
| parent | 473e0484d6408e014243071fbe0698c03dd6ebe8 (diff) | |
| download | keysafe-8af994320d3cd343e038bd9721c5ecc80e4b9246.tar.gz | |
Updated to argon2-1.3.
New parameters are set to the old values and test suite passes so this
looks good.
This commit was sponsored by Nick Daly on Patreon.
| -rw-r--r-- | CHANGELOG | 6 | ||||
| -rw-r--r-- | ExpensiveHash.hs | 7 | ||||
| -rw-r--r-- | Tunables.hs | 4 | ||||
| -rw-r--r-- | keysafe.cabal | 3 | ||||
| -rw-r--r-- | stack.yaml | 5 |
5 files changed, 19 insertions, 6 deletions
@@ -1,3 +1,9 @@ +keysafe (0.20170812) UNRELEASED; urgency=medium + + * Updated to argon2-1.3. + + -- Joey Hess <id@joeyh.name> Mon, 26 Mar 2018 07:33:45 -0400 + keysafe (0.20170811) unstable; urgency=medium * Updated to http-client 0.5.3, servant 0.11, and stackage lts-9.0. diff --git a/ExpensiveHash.hs b/ExpensiveHash.hs index 6fab15c..4a01194 100644 --- a/ExpensiveHash.hs +++ b/ExpensiveHash.hs @@ -11,6 +11,7 @@ import Tunables import Cost import Serialization () import qualified Data.Text as T +import Data.Text.Short (toText) import qualified Data.ByteString as B import qualified Crypto.Argon2 as Argon2 import Raaz.Core.Encode @@ -31,12 +32,10 @@ data Salt t = Salt t expensiveHash :: Encodable t => ExpensiveHashTunable -> Salt t -> B.ByteString -> ExpensiveHash expensiveHash (UseArgon2 cost opts) (Salt s) b = ExpensiveHash cost $ - -- Using hashEncoded here and not hash, - -- because of this bug: - -- https://github.com/ocharles/argon2/issues/3 - Argon2.hashEncoded opts b argonsalt + either hashfailed toText $ Argon2.hashEncoded opts b argonsalt where -- argon salt cannot be shorter than 8 bytes, so pad with spaces. argonsalt = let sb = toByteString s in sb <> B.replicate (8 - B.length sb ) 32 + hashfailed e = error ("hash generation failed: " ++ show e) diff --git a/Tunables.hs b/Tunables.hs index 5c28a39..2e96b8c 100644 --- a/Tunables.hs +++ b/Tunables.hs @@ -112,6 +112,8 @@ defaultTunables = Tunables let Divisibility n = d in fromIntegral n , Argon2.hashVariant = Argon2.Argon2i + , Argon2.hashVersion = Argon2.Argon2Version13 + , Argon2.hashLength = 64 } d = Divisibility 4 -- argon2 uses 4 threads @@ -156,6 +158,8 @@ proofOfWorkHashTunable addits = , Argon2.hashMemory = 1000 , Argon2.hashParallelism = 4 , Argon2.hashVariant = Argon2.Argon2i + , Argon2.hashVersion = Argon2.Argon2Version13 + , Argon2.hashLength = 64 } where nits = 20 + addits diff --git a/keysafe.cabal b/keysafe.cabal index 188d02a..575a131 100644 --- a/keysafe.cabal +++ b/keysafe.cabal @@ -36,11 +36,12 @@ Executable keysafe -- changes to these could break backup/restore, so when loosening -- the version ranges, it's important to run keysafe --test secret-sharing == 1.0.* - , argon2 == 1.2.* + , argon2 == 1.3.* , raaz == 0.1.1 , base (>= 4.5 && < 5.0) , bytestring == 0.10.* , text == 1.2.* + , text-short == 0.1.* -- Changes to these dependencies should not impact the data that -- keysafe backs up and restores. , deepseq == 1.4.* @@ -2,8 +2,11 @@ packages: - '.' resolver: lts-9.0 extra-deps: -- argon2-1.2.0 +- argon2-1.3.0.0 - secret-sharing-1.0.0.3 - dice-entropy-conduit-1.0.0.1 - polynomial-0.7.3 +- finite-field-0.8.0 +- text-short-0.1.2 +- zxcvbn-c-1.0.1 explicit-setup-deps: |