path: root/doc/bugs/S3_bucket_uses_the_same_key_for_encryption_and_hashing.mdwn
author: https://www.google.com/accounts/o8/id?id=AItOawl9sYlePmv1xK-VvjBdN-5doOa_Xw-jH4U <Richard@web> 2011-03-30 10:37:27 +0000
committer: admin <admin@branchable.com> 2011-03-30 10:37:27 +0000
commit: ee84c75de066826c9fbd8351b456bd7c9980bab6 (patch)
tree: 72435e1e9ca635127ab3e06dc6e6fb0966d0f148 /doc/bugs/S3_bucket_uses_the_same_key_for_encryption_and_hashing.mdwn
parent: 320a4102d6dfff193fc501e53859b2b3edc397d5 (diff)
Diffstat (limited to 'doc/bugs/S3_bucket_uses_the_same_key_for_encryption_and_hashing.mdwn')
-rw-r--r-- doc/bugs/S3_bucket_uses_the_same_key_for_encryption_and_hashing.mdwn | 5
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/bugs/S3_bucket_uses_the_same_key_for_encryption_and_hashing.mdwn b/doc/bugs/S3_bucket_uses_the_same_key_for_encryption_and_hashing.mdwn
new file mode 100644
index 000000000..0ec66652e
--- /dev/null
+++ b/doc/bugs/S3_bucket_uses_the_same_key_for_encryption_and_hashing.mdwn
@@ -0,0 +1,5 @@
+While using HMAC instead of "plain" hash functions is inherently more secure, it's still a bad idea to re-use keys for different purposes.
+
+Also, ttbomk, HMAC needs two keys, not one. Are you re-using the same key twice?
+
+Compability for old buckets and support for different ones can be maintained by introducing a new option and simply copying over the encryption key's identifier into this new option should it be missing.
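
Review bot: The second paragraph's statement that HMAC needs two keys is inaccurate. HMAC takes a single secret key and derives its inner and outer keys from it by XOR with two fixed pads (RFC 2104), so the question about re-using the same key twice should be dropped or reworded; the key-separation concern in the first paragraph stands without it. In the last paragraph, "Compability" should read "Compatibility", and the "new option" should be given a name so that the fallback (copying the encryption key's identifier when the option is missing) can be documented and tested. Spelling out "ttbomk" would also help readers of the bug page.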