Condition DRNG on type of output. #2

Bren2010 · 2016-11-22T18:35:14Z

Right now, for example, learning an ECDSA private key for a realm leaks information about passwords/RSA private keys for the same realm.

ignatk · 2016-11-25T10:52:38Z

gokey.go

 	}

 	gen := &KeyGen{rng}
 	return gen.GeneratePassword(spec)
 }

 func GetKey(password, realm string, seed []byte, keyType int, allowUnsafe bool) (crypto.PrivateKey, error) {
-	rng, err := GetRaw(password, realm, seed, allowUnsafe)
+	rng, err := getReader(password, realm+fmt.Sprintf("-key(%v)", keyType), seed, allowUnsafe)


I think we should try to map back to a string key type rather than to internal int number here. What if in the future we might want to have alternative implementations in other languages, which may internally interpret key type enum differently?

Maybe somehow reuse https://github.com/cloudflare/gokey/blob/master/cmd/gokey/main.go#L31-L36 or put it lower in the stack, so this function can access defined string literals.

Condition DRNG on type of output.

a0e0494

ignatk reviewed Nov 25, 2016

View reviewed changes

Create KeyType enum; auto-gen stringer.

6e96f44

ignatk merged commit 63cb69d into cloudflare:master Nov 29, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Condition DRNG on type of output. #2

Condition DRNG on type of output. #2

Bren2010 commented Nov 22, 2016

ignatk Nov 25, 2016 •

edited

Loading

Condition DRNG on type of output. #2

Condition DRNG on type of output. #2

Conversation

Bren2010 commented Nov 22, 2016

ignatk Nov 25, 2016 • edited Loading

Choose a reason for hiding this comment

ignatk Nov 25, 2016 •

edited

Loading