| author | Joey Hess <joeyh@joeyh.name> | 2016-08-18 09:44:59 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2016-08-18 09:44:59 -0400 |
| commit | b42cc27b3cb18119f5038daee4dc783cb6824f00 (patch) | |
| tree | d30082f240a3824ca30af8a110449a09c342c85e /Encryption.hs | |
| parent | a018b16273719552c7fb389e2d3b681f9e3bcf26 (diff) | |
| download | keysafe-b42cc27b3cb18119f5038daee4dc783cb6824f00.tar.gz | |
use name, not password as IV
It was probably ok to use the password, but it's certainly ok to use the
name:

* The name must be known if the shards have been reassembled to get to the
  point of decrypting the sharded data.
* The name is unique, while a user might reuse a password for e.g., storing
  different versions of the same key.
Diffstat (limited to 'Encryption.hs')

| -rw-r--r-- | Encryption.hs | 10 |
|---|---|---|

1 file changed, 5 insertions, 5 deletions
diff --git a/Encryption.hs b/Encryption.hs index d5a9879..649cfed 100644 --- a/Encryption.hs +++ b/Encryption.hs @@ -96,7 +96,7 @@ genKeyEncryptionKeys :: [SaltPrefix] -> Tunables -> Name -> Password -> [KeyEncr genKeyEncryptionKeys saltprefixes tunables (Name name) (Password password) = map mk saltprefixes where - iv = genIV (Password password) + iv = genIV (Name name) -- To brute force data encrypted with a key, -- an attacker needs to pay the decryptcost for -- each password checked. @@ -128,12 +128,12 @@ allByteStringsOfLength = go [] w <- [0..255] go (w:ws) (n-1) --- Use the sha256 of the password (truncated) as the IV. -genIV :: Password -> Raaz.IV -genIV (Password password) = +-- Use the sha256 of the name (truncated) as the IV. +genIV :: Name -> Raaz.IV +genIV (Name name) = fromMaybe (error "genIV fromByteString failed") $ Raaz.fromByteString $ B.take ivlen $ - Raaz.toByteString $ Raaz.sha256 password + Raaz.toByteString $ Raaz.sha256 name where ivlen = fromIntegral $ Raaz.byteSize (undefined :: Raaz.IV) |
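Review bot: In the first hunk (genKeyEncryptionKeys), `iv = genIV (Name name)` is bound once in the `where` clause, so every key produced by `map mk saltprefixes` shares one deterministic, non-secret IV derived from the name; the rationale for why that is acceptable lives only in the commit message, while the comment that follows the changed line ("To brute force data encrypted with a key, an attacker needs to pay the decryptcost for each password checked") still talks only about passwords. Suggest adding a short comment next to the `iv` binding stating that the IV is intentionally derived from the public, per-secret name and that it is the per-salt-prefix key, not the IV, that provides the distinctness between the generated key encryption keys.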
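Review bot: In the second hunk (genIV), the `fromMaybe (error "genIV fromByteString failed")` around `Raaz.fromByteString $ B.take ivlen $ Raaz.toByteString $ Raaz.sha256 name` turns a length mismatch into a runtime error: if `Raaz.byteSize (undefined :: Raaz.IV)` were ever larger than the 32-byte sha256 output, `B.take ivlen` would return a short string and the partial branch would fire only when a key is actually generated. Suggest either a comment documenting the `ivlen <= 32` assumption or an explicit check on the hash length before `fromByteString`, so the failure mode is visible rather than hidden in the `error` call. The signature change to `Name -> Raaz.IV` is consistent with the only call site shown in the first hunk.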