diff options
author | Joey Hess <joeyh@joeyh.name> | 2016-08-16 12:57:19 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2016-08-16 13:04:07 -0400 |
commit | 3b4a775d536b2b2956269a59f886487efe29ed51 (patch) | |
tree | bbd8fd580afad11f822b2929061b034abf376c50 /keysafe.hs | |
parent | d7696832e183cc3e98d094b35ee4392d0c8d3df5 (diff) | |
download | keysafe-3b4a775d536b2b2956269a59f886487efe29ed51.tar.gz |
switch to random salt byte to make decryption expensive
Diffstat (limited to 'keysafe.hs')
-rw-r--r-- | keysafe.hs | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -12,6 +12,7 @@ import Tunables import qualified CmdLine import UI import Encryption +import Entropy import Cost import Shard import Storage @@ -45,7 +46,7 @@ storedemo ui keyid tunables = do kek <- genKeyEncryptionKey tunables name password putStrLn "Very rough estimate of cost to brute-force the password:" print $ estimateAttack spotAWS $ estimateBruteforceOf kek - (passwordEntropy password) + (passwordEntropy password []) let esk = encrypt tunables kek secretkey let sis = shardIdents tunables name keyid shards <- genShards esk tunables @@ -77,8 +78,7 @@ retrievedemo ui keyid = do <$> mapM (uncurry (retrieveShard localFiles)) l _ <- obscureShards localFiles let esk = combineShards tunables shards - basekek <- genKeyEncryptionKey tunables name password - go esk (candidateKeyEncryptionKeys tunables basekek) + go esk (candidateKeyEncryptionKeys tunables name password) where go _ [] = error "decryption failed" go esk (kek:rest) = case decrypt kek esk of |