mirror of https://github.com/skeeto/enchive.git
In key derivation, mix passphrase second.
This prevents the shortcut of pre-initializing the hash with the passphrase. PBKDF2 doesn't have this feature.pull/2/head
parent
36909699f1
commit
f426735681
|
@ -44,9 +44,9 @@ and output.
|
|||
### Key management
|
||||
|
||||
One of the core features of Enchive is the ability to derive an
|
||||
asymmetric key pair from a passphrase (PBKDF2). This means you can
|
||||
store your archive key in your brain! To access this feature, use the
|
||||
`--derive` (`-d`) option with the `keygen` command.
|
||||
asymmetric key pair from a passphrase (PBKDF2-like). This means you
|
||||
can store your archive key in your brain! To access this feature, use
|
||||
the `--derive` (`-d`) option with the `keygen` command.
|
||||
|
||||
$ enchive keygen --derive
|
||||
|
||||
|
|
|
@ -341,8 +341,8 @@ key_derive(const char *passphrase,
|
|||
sha256_final(ctx, buf);
|
||||
for (i = 0; i < iterations; i++) {
|
||||
sha256_init(ctx);
|
||||
sha256_update(ctx, (u8 *)passphrase, len);
|
||||
sha256_update(ctx, buf, sizeof(buf));
|
||||
sha256_update(ctx, (u8 *)passphrase, len);
|
||||
sha256_final(ctx, buf);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue