Changes between Initial Version and Version 1 of Ticket #221


Ignore:
Timestamp:
Oct 12, 2012, 12:11:55 AM (10 years ago)
Author:
andersk@mit.edu
Comment:

I think this is most logically an option to zcrypt instead of a separate script.

But FTR, the script I use is tr -d '\000\n' < /dev/urandom | head -c 126. (126 bytes is the maximum length of an old-style DES key. An AES key can be more like 10998 bytes, but it’s hashed down to 16 bytes anyway. Both key types have the restriction against containing \0 or \n.)

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #221 – Description

    initial v1  
    1 Creating a zcrypt key has some pitfalls for the unwary user: in particular, zcrypt will stop reading a key at a null byte or newline (AIUI). It's also not totally obvious how long a key should be. We should have a script in the source tree and the locker for easily generating zcrypt keys of the proper length and character set, so people don't accidentally generate week keys.
     1Creating a zcrypt key has some pitfalls for the unwary user: in particular, zcrypt will stop reading a key at a null byte or newline (AIUI). It's also not totally obvious how long a key should be. We should have a script in the source tree and the locker for easily generating zcrypt keys of the proper length and character set, so people don't accidentally generate weak keys.