From 863393ab2c656759e1c225537f692961d70041dc Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Thu, 11 Aug 2016 23:46:42 -0400
Subject: don't use IV as puzzle after all

Not a good idea to use IV, because all the parts of the IV that are 0
will not obscure the data in the first block at all.

Instead, sha256 the password to generate the IV, and keep the puzzle as
part of the key.
---
 keysafe.hs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'keysafe.hs')

diff --git a/keysafe.hs b/keysafe.hs
index d6c8792..5179994 100644
--- a/keysafe.hs
+++ b/keysafe.hs
@@ -53,7 +53,7 @@ retrievedemo = do
   where
 	go _ [] = error "decryption failed"
 	go esk (kek:rest) = do
-		print (keyEncryptionKey kek)
+		putStr "."
 		hFlush stdout
 		case decrypt kek esk of
 			-- TODO: verify checksum to avoid false positives
-- 
cgit v1.2.3