Opened 12 years ago
Last modified 10 years ago
#221 new enhancement
Add script for generating zcrypt keys
| Reported by: | adehnert@mit.edu | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | zephyr | Keywords: | |
| Cc: |
Description (last modified by andersk@mit.edu)
Creating a zcrypt key has some pitfalls for the unwary user: in particular, zcrypt will stop reading a key at a null byte or newline (AIUI). It's also not totally obvious how long a key should be. We should have a script in the source tree and the locker for easily generating zcrypt keys of the proper length and character set, so people don't accidentally generate weak keys.
Change History (2)
comment:1 Changed 12 years ago by andersk@mit.edu
- Description modified (diff)
comment:2 Changed 10 years ago by adehnert@mit.edu
- Priority changed from major to minor
βhttps://sipb.mit.edu/doc/zcrypt/ now exists (as the resolution of βhttp://sipb.mit.edu/trac/ticket/30), so this is now less interesting.
Note: See
TracTickets for help on using
tickets.
I think this is most logically an option to zcrypt instead of a separate script.
But FTR, the script I use is tr -d '\000\n' < /dev/urandom | head -c 126. (126 bytes is the maximum length of an old-style DES key. An AES key can be more like 10998 bytes, but itβs hashed down to 16 bytes anyway. Both key types have the restriction against containing \0 or \n.)