-rw-r--r-- | Encryption.hs | 2 | ||||
-rw-r--r-- | Shard.hs | 5 | ||||
-rw-r--r-- | Types.hs | 3 |
3 files changed, 4 insertions, 6 deletions
diff --git a/Encryption.hs b/Encryption.hs index 649cfed..4a8f5cf 100644 --- a/Encryption.hs +++ b/Encryption.hs @@ -164,7 +164,7 @@ hashToAESKey (ExpensiveHash _ t) = b = B.take (fromIntegral $ Raaz.byteSize (undefined :: AesKey)) $ Raaz.toByteString $ Raaz.sha256 (E.encodeUtf8 t) --- | A bytestring that can be AES enctypted. It includes a checksum, +-- | A bytestring that can be AES encrypted. It includes a checksum, -- and size, and is padded to the objectSize with NULs. -- -- This is a multiple of the AES blocksize, as long as objectSize is, @@ -40,9 +40,8 @@ instance Bruteforceable ShardIdents UnknownName where -- -- This is an expensive operation, to make it difficult for an attacker -- to brute force known/guessed names and find matching shards. --- The keyid or filename is used as a salt, both to avoid collisions --- when the same name is chosen for multiple keys, and to prevent the --- attacker from using a rainbow table from names to expensivehashes. +-- The keyid or filename is used as a salt, to avoid collisions +-- when the same name is chosen for multiple keys. shardIdents :: Tunables -> Name -> SecretKeySource -> ShardIdents shardIdents tunables (Name name) keyid = ShardIdents idents creationcost bruteforcecalc @@ -27,8 +27,7 @@ instance Show EncryptedSecretKey where instance Bruteforceable EncryptedSecretKey UnknownPassword where getBruteCostCalc (EncryptedSecretKey _ cc) = cc --- | Objects stored on a keysafe server are (probably) a shard of an --- encrypted secret key. +-- | An object in a form suitable to be stored on a keysafe server. newtype StorableObject = StorableObject { fromStorableObject :: B.ByteString } deriving (Show) |
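Review bot: The revised doc comment above `shardIdents` (the `@@ -40,9 +40,8 @@` hunk) no longer tells the reader whether the salt is expected to hinder precomputed name-to-hash tables, because the sentence claiming that was dropped without a replacement. Since this comment is where the brute-force threat model for shard names is described, I would state the limitation explicitly rather than leave it silent, for example `-- The salt is not secret and is not relied on to prevent precomputation; the cost of the hash is what slows guessing.` That wording is inferred from the neighbouring sentence about the operation being expensive, and the reason the claim was removed is not visible here, so it should be checked against the intended threat model before being adopted. The body of `shardIdents` continues outside the hunk.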