Generate ciphers with a better entropy.

Unless highRandomQuality=false (or --fast) is set, use Libgcypt's 'GCRY_VERY_STRONG_RANDOM' level by default for cipher generation, like it's done for OpenPGP key generation. On the assistant side, the random quality is left to the old (lower) level, in order not to scare the user with an enless page load due to the blocking PRNG waiting for IO actions.
author: guilhem <guilhem@fripost.org> 2013-04-05 21:06:16 +0200
committer: Joey Hess <joey@kitenet.net> 2013-04-06 16:09:51 -0400
commit: a7f50205bb1ccd41d4a9ab4e11d984e643be755f (patch)
tree: 519c7148a87575896450b7dc43fc58e8b34dfe02 /Assistant
parent: f758f6d5cbef989bff75fcd140edb8e0b8899b84 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/Assistant/MakeRemote.hs b/Assistant/MakeRemote.hs
index 448f7ad97..866585319 100644
--- a/Assistant/MakeRemote.hs
+++ b/Assistant/MakeRemote.hs
@@ -69,11 +69,15 @@ makeRsyncRemote name location = makeRemote name location $
 		, ("type", "rsync")
 		]
 
-{- Inits a special remote. -}
+{- Inits a special remote. Currently, only 'weak' ciphers can be
+ - generated from the assistant, because otherwise GnuPG may block once
+ - the entropy pool is drained, and as of now there's no way to tell the
+ - user to perform IO actions to refill the pool. -}
 makeSpecialRemote :: String -> RemoteType -> R.RemoteConfig -> Annex ()
 makeSpecialRemote name remotetype config = do
 	(u, c) <- Command.InitRemote.findByName name
-	c' <- R.setup remotetype u $ M.union config c
+	c' <- R.setup remotetype u $
+		M.insert "highRandomQuality" "false" $ M.union config c
 	describeUUID u name
 	configSet u c'
author	guilhem <guilhem@fripost.org>	2013-04-05 21:06:16 +0200
committer	Joey Hess <joey@kitenet.net>	2013-04-06 16:09:51 -0400
commit	a7f50205bb1ccd41d4a9ab4e11d984e643be755f (patch)
tree	519c7148a87575896450b7dc43fc58e8b34dfe02 /Assistant
parent	f758f6d5cbef989bff75fcd140edb8e0b8899b84 (diff)