From b42cc27b3cb18119f5038daee4dc783cb6824f00 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Thu, 18 Aug 2016 09:44:59 -0400
Subject: use name, not password as IV

It was probably ok to use the password, but it's certianly ok to use the name:

* The name must be known if the shards have been reassembled to get to the point of decrypting the sharded data.
* The name is unique, while a user might reuse a password for eg, storing different versions of the same key.
---
 Encryption.hs | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'Encryption.hs')

diff --git a/Encryption.hs b/Encryption.hs
index d5a9879..649cfed 100644
--- a/Encryption.hs
+++ b/Encryption.hs
@@ -96,7 +96,7 @@ genKeyEncryptionKeys :: [SaltPrefix] -> Tunables -> Name -> Password -> [KeyEncr
 genKeyEncryptionKeys saltprefixes tunables (Name name) (Password password) =
 	map mk saltprefixes
   where
-	iv = genIV (Password password)
+	iv = genIV (Name name)
 	-- To brute force data encrypted with a key,
 	-- an attacker needs to pay the decryptcost for
 	-- each password checked.
@@ -128,12 +128,12 @@ allByteStringsOfLength = go []
 		w <- [0..255]
 		go (w:ws) (n-1)
--- Use the sha256 of the password (truncated) as the IV.
-genIV :: Password -> Raaz.IV
-genIV (Password password) =
+-- Use the sha256 of the name (truncated) as the IV.
+genIV :: Name -> Raaz.IV
+genIV (Name name) =
 	fromMaybe (error "genIV fromByteString failed") $
 		Raaz.fromByteString $ B.take ivlen $
-			Raaz.toByteString $ Raaz.sha256 password
+			Raaz.toByteString $ Raaz.sha256 name
   where
 	ivlen = fromIntegral $ Raaz.byteSize (undefined :: Raaz.IV)
-- 
cgit v1.2.3
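Review bot: After this change the IV is a deterministic function of the name alone (`Raaz.sha256 name` truncated to `ivlen` in the second hunk), so any two encryptions performed under the same name and password share both the key-encryption key and the IV; the commit message treats names as unique, but nothing in either hunk enforces that a name is used only once, and the "different versions of the same key" case it mentions is exactly where the pair would repeat. Whether a repeated key/IV pair is harmful depends on the cipher mode these keys are used with, which is outside both hunks, so I would at least record the invariant next to the new comment: `-- Use the sha256 of the name (truncated) as the IV. The IV is fixed per name, so a name must not be reused with the same password for different data.` The `fromMaybe (error ...)` fallback and `undefined :: Raaz.IV` are unchanged context, but since `genIV` is fully rewritten here it would be a good moment to make the length mismatch a typed failure rather than a crash. `genKeyEncryptionKeys` in the first hunk continues past the hunk; `genIV` is entirely within the second.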