Opened 9 years ago

Last modified 7 years ago

#221 new enhancement

Add script for generating zcrypt keys

Reported by: adehnert@mit.edu Owned by:
Priority: minor Milestone:
Component: zephyr Keywords:
Cc:

Description (last modified by andersk@mit.edu)

Creating a zcrypt key has some pitfalls for the unwary user: in particular, zcrypt will stop reading a key at a null byte or newline (AIUI). It's also not totally obvious how long a key should be. We should have a script in the source tree and the locker for easily generating zcrypt keys of the proper length and character set, so people don't accidentally generate weak keys.

Change History (2)

comment:1 Changed 9 years ago by andersk@mit.edu

  • Description modified (diff)

I think this is most logically an option to zcrypt instead of a separate script.

But FTR, the script I use is tr -d '\000\n' < /dev/urandom | head -c 126. (126 bytes is the maximum length of an old-style DES key. An AES key can be more like 10998 bytes, but it’s hashed down to 16 bytes anyway. Both key types have the restriction against containing \0 or \n.)

comment:2 Changed 7 years ago by adehnert@mit.edu

  • Priority changed from major to minor

​https://sipb.mit.edu/doc/zcrypt/ now exists (as the resolution of ​http://sipb.mit.edu/trac/ticket/30), so this is now less interesting.

Note: See TracTickets for help on using tickets.