author | Sean Whitton <spwhitton@spwhitton.name> | 2018-04-14 12:22:32 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2018-04-14 12:22:32 -0700 |
commit | faed477de3454a72f1e466c67e948b7819fd96a9 (patch) | |
tree | 70b5a70d7ed78001bfcd6b513b72d91afb83a6ef | |
parent | f3c75396af2f21790a1e0232b0c42790bff82f04 (diff) | |
parent | 8adbfac38a1d6b206c6e40f70f73aaa555435b8e (diff) | |
download | keysafe-faed477de3454a72f1e466c67e948b7819fd96a9.tar.gz |
Merge tag '0.20180326'
tagging package keysafe version 0.20180326
# gpg: Signature made Mon 26 Mar 2018 05:12:25 AM MST
# gpg: using RSA key 28A500C35207EAB72F6C0F25DB12DB0FF05F8F38
# gpg: Good signature from "Joey Hess <joeyh@joeyh.name>" [full]
# Primary key fingerprint: E85A 5F63 B31D 24C1 EBF0 D81C C910 D922 2512 E3C7
# Subkey fingerprint: 28A5 00C3 5207 EAB7 2F6C 0F25 DB12 DB0F F05F 8F38
-rw-r--r-- | CHANGELOG | 6 | ||||
-rw-r--r-- | ExpensiveHash.hs | 7 | ||||
-rw-r--r-- | Tunables.hs | 4 | ||||
-rw-r--r-- | doc/forum.mdwn | 4 | ||||
-rw-r--r-- | doc/index.mdwn | 15 | ||||
-rw-r--r-- | doc/news/version_0.20170811.mdwn | 3 | ||||
-rw-r--r-- | keysafe.cabal | 5 | ||||
-rw-r--r-- | stack.yaml | 5 |
8 files changed, 35 insertions, 14 deletions
@@ -1,3 +1,9 @@ +keysafe (0.20180326) unstable; urgency=medium + + * Updated to argon2-1.3. + + -- Joey Hess <id@joeyh.name> Mon, 26 Mar 2018 08:12:00 -0400 + keysafe (0.20170811) unstable; urgency=medium * Updated to http-client 0.5.3, servant 0.11, and stackage lts-9.0. diff --git a/ExpensiveHash.hs b/ExpensiveHash.hs index 6fab15c..4a01194 100644 --- a/ExpensiveHash.hs +++ b/ExpensiveHash.hs @@ -11,6 +11,7 @@ import Tunables import Cost import Serialization () import qualified Data.Text as T +import Data.Text.Short (toText) import qualified Data.ByteString as B import qualified Crypto.Argon2 as Argon2 import Raaz.Core.Encode @@ -31,12 +32,10 @@ data Salt t = Salt t expensiveHash :: Encodable t => ExpensiveHashTunable -> Salt t -> B.ByteString -> ExpensiveHash expensiveHash (UseArgon2 cost opts) (Salt s) b = ExpensiveHash cost $ - -- Using hashEncoded here and not hash, - -- because of this bug: - -- https://github.com/ocharles/argon2/issues/3 - Argon2.hashEncoded opts b argonsalt + either hashfailed toText $ Argon2.hashEncoded opts b argonsalt where -- argon salt cannot be shorter than 8 bytes, so pad with spaces. argonsalt = let sb = toByteString s in sb <> B.replicate (8 - B.length sb ) 32 + hashfailed e = error ("hash generation failed: " ++ show e) diff --git a/Tunables.hs b/Tunables.hs index 5c28a39..2e96b8c 100644 --- a/Tunables.hs +++ b/Tunables.hs @@ -112,6 +112,8 @@ defaultTunables = Tunables let Divisibility n = d in fromIntegral n , Argon2.hashVariant = Argon2.Argon2i + , Argon2.hashVersion = Argon2.Argon2Version13 + , Argon2.hashLength = 64 } d = Divisibility 4 -- argon2 uses 4 threads @@ -156,6 +158,8 @@ proofOfWorkHashTunable addits = , Argon2.hashMemory = 1000 , Argon2.hashParallelism = 4 , Argon2.hashVariant = Argon2.Argon2i + , Argon2.hashVersion = Argon2.Argon2Version13 + , Argon2.hashLength = 64 } where nits = 20 + addits diff --git a/doc/forum.mdwn b/doc/forum.mdwn new file mode 100644 index 0000000..5b57b57 --- /dev/null +++ b/doc/forum.mdwn 
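Review bot: In `expensiveHash` (ExpensiveHash.hs, second hunk) the new `hashfailed` handler calls `error` from pure code, so a `Left` from `Argon2.hashEncoded` is only raised when the resulting `ExpensiveHash` is forced, which may be far from this call site. Aborting rather than returning a fallback value is the right direction for a key-derivation step, but the laziness deserves a comment such as `-- a Left aborts via error once the hash is forced; never substitute a fallback value here`. The hunk also deletes the explanation of why `hashEncoded` is used instead of `hash` while still calling `hashEncoded`. Since the encoded text is what ends up inside `ExpensiveHash`, a replacement comment like `-- keep hashEncoded: its encoded text is the value wrapped in ExpensiveHash` would stop a later cleanup from silently changing the output.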
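Review bot: `Argon2.hashVersion = Argon2.Argon2Version13` and `Argon2.hashLength = 64` in `defaultTunables` (and the same two fields in `proofOfWorkHashTunable`, the second Tunables.hs hunk) have no comment marking them as output-determining, and nothing visible in the diff shows that they reproduce what argon2 1.2 emitted. keysafe.cabal in this same commit warns that changes to the argon2 dependency could break backup/restore, so altering either field later would presumably change every derived hash. I would add `-- version and length are part of the hash output; changing them breaks restore of existing backups` beside both records. A known-answer vector for `expensiveHash` should also be pinned in the `keysafe --test` suite if one is not already there. Both record definitions start outside their hunks.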
@@ -0,0 +1,4 @@ +This is a place to discuss using keysafe, share tips and tricks, etc. +If you need help, advice, or anything, post about it here. + +[[!inline pages="forum/* and !*/Discussion" archive=yes rootpage=forum postformtext="Add a new thread titled:"]] diff --git a/doc/index.mdwn b/doc/index.mdwn index 5c0c670..28fa831 100644 --- a/doc/index.mdwn +++ b/doc/index.mdwn @@ -38,13 +38,8 @@ also makes it hard for an attacker to even find your encrypted secret key. For a more in-depth explanation, and some analysis of different attack vectors (and how keysafe thwarts them), see [[details]]. -Also, there's a [[FAQ]]. - -Here's a video explaining keysafe: - -<html> -<video controls width=400 src="http://mirror.linux.org.au/pub/linux.conf.au/2017/securely_backing_up_gpg_private_keys_to_the_cloud.webm"></video> -</html> +Also, there's a [[FAQ]], and a +[video explaining keysafe](https://mirror.linux.org.au/pub/linux.conf.au/2017/securely_backing_up_gpg_private_keys_to_the_cloud.webm). ## News @@ -91,3 +86,9 @@ Keysafe is licensed under the terms of the AGPL 3+ ## Thanks Thanks to Anthony Towns for his help with keysafe's design. + +[[!sidebar content=""" +[[FAQ]] +[[Todo]] +[[Forum]] +"""]] diff --git a/doc/news/version_0.20170811.mdwn b/doc/news/version_0.20170811.mdwn new file mode 100644 index 0000000..814ab10 --- /dev/null +++ b/doc/news/version_0.20170811.mdwn @@ -0,0 +1,3 @@ +keysafe 0.20170811 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * Updated to http-client 0.5.3, servant 0.11, and stackage lts-9.0."""]]
\ No newline at end of file diff --git a/keysafe.cabal b/keysafe.cabal index 188d02a..10803fc 100644 --- a/keysafe.cabal +++ b/keysafe.cabal @@ -1,5 +1,5 @@ Name: keysafe -Version: 0.20170811 +Version: 0.20180326 Cabal-Version: >= 1.8 Maintainer: Joey Hess <joey@kitenet.net> Author: Joey Hess @@ -36,11 +36,12 @@ Executable keysafe -- changes to these could break backup/restore, so when loosening -- the version ranges, it's important to run keysafe --test secret-sharing == 1.0.* - , argon2 == 1.2.* + , argon2 == 1.3.* , raaz == 0.1.1 , base (>= 4.5 && < 5.0) , bytestring == 0.10.* , text == 1.2.* + , text-short == 0.1.* -- Changes to these dependencies should not impact the data that -- keysafe backs up and restores. , deepseq == 1.4.* @@ -2,8 +2,11 @@ packages: - '.' resolver: lts-9.0 extra-deps: -- argon2-1.2.0 +- argon2-1.3.0.0 - secret-sharing-1.0.0.3 - dice-entropy-conduit-1.0.0.1 - polynomial-0.7.3 +- finite-field-0.8.0 +- text-short-0.1.2 +- zxcvbn-c-1.0.1 explicit-setup-deps: |
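Review bot: The extra-deps touched in the stack.yaml hunk (`argon2-1.3.0.0`, `finite-field-0.8.0`, `text-short-0.1.2`, `zxcvbn-c-1.0.1`) are pinned by version only, so the build trusts whatever the package index serves for those versions. For a tool whose hash output must stay reproducible, consider also pinning the cabal-file revision by hash where the Stack release in use supports it, e.g. `- argon2-1.3.0.0@sha256:<cabal-file-sha256>` (placeholder value). `finite-field` and `zxcvbn-c` are not mentioned in the CHANGELOG entry, so a short comment in stack.yaml on why they became necessary would help later audits.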