From a7f50205bb1ccd41d4a9ab4e11d984e643be755f Mon Sep 17 00:00:00 2001 From: guilhem Date: Fri, 5 Apr 2013 21:06:16 +0200 Subject: Generate ciphers with a better entropy. Unless highRandomQuality=false (or --fast) is set, use Libgcypt's 'GCRY_VERY_STRONG_RANDOM' level by default for cipher generation, like it's done for OpenPGP key generation. On the assistant side, the random quality is left to the old (lower) level, in order not to scare the user with an enless page load due to the blocking PRNG waiting for IO actions. --- Remote/Helper/Encryptable.hs | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'Remote') diff --git a/Remote/Helper/Encryptable.hs b/Remote/Helper/Encryptable.hs index f3b6bb787..ff7d4990b 100644 --- a/Remote/Helper/Encryptable.hs +++ b/Remote/Helper/Encryptable.hs @@ -31,15 +31,20 @@ encryptionSetup c = case (M.lookup "encryption" c, extractCipher c) of (Just "none", Just _) -> cannotchange (Just "shared", Just (EncryptedCipher _ _)) -> cannotchange (Just _, Just (SharedCipher _)) -> cannotchange - (Just "shared", Nothing) -> use "encryption setup" $ genSharedCipher - (Just keyid, Nothing) -> use "encryption setup" $ genEncryptedCipher keyid + (Just "shared", Nothing) -> use "encryption setup" . genSharedCipher + =<< highRandomQuality + (Just keyid, Nothing) -> use "encryption setup" . genEncryptedCipher keyid + =<< highRandomQuality (Just keyid, Just v) -> use "encryption updated" $ updateEncryptedCipher keyid v where cannotchange = error "Cannot change encryption type of existing remote." use m a = do cipher <- liftIO a showNote $ m ++ " " ++ describeCipher cipher - return $ M.delete "encryption" $ storeCipher c cipher + return $ M.delete "encryption" $ M.delete "highRandomQuality" $ + storeCipher c cipher + highRandomQuality = (&&) (maybe True (/="false") (M.lookup "highRandomQuality" c)) + <$> fmap not (Annex.getState Annex.fast) {- Modifies a Remote to support encryption. - -- cgit v1.2.3