refactor: bcrypt key derivation to aead (#509) #15817
Conversation
* Added Aead encryption and Argon2 key derivation to armor * Added Argon2 key derivation to keyring * Fixed potential bug in variable not being propertly assigned * Switched aead library to x/crypto * fix different lint errors * fix lint issues * Modified decrtyption logic and fixed typo * Fixed comments, and added error handling messages * fixed comments * added changelog * Added improvements over crypto/armor.go * added error default value for kdf switch case and error handling * failing test fix * checkout keyring changes since it was out of scope and generated bugs * rollback changes on keyring_test * reducing scope of the PR * added missing error message for unarmor when having a bad passphrase
github-prbot
requested review from
a team,
aaronc and
atheeshp
and removed request for
a team
|
LGTM, would love a quick review from @FiloSottile 馃檹 |
crypto/armor.go
Outdated
| } | ||
|
|
||
| key = crypto.Sha256(key) // get 32 bytes | ||
| privKeyBytes := legacy.Cdc.MustMarshal(privKey) | ||
| nonce := make([]byte, aead.NonceSize(), aead.NonceSize()+len(privKeyBytes)+aead.Overhead()) |
There was a problem hiding this comment.
Probably worth a comment explaining that it's ok to use a fixed (all zeroes) nonce because the key is generated fresh at every encryption using a fresh random salt every time. If nothing else because it's very important that the code is not changed later to reuse the same salt and passphrase with different private keys.
(By the way, the salt is 128 bits, which gives a 2^-32 chance of collision after 2^50 encryptions. Is that a particularly realistic concern? No. Is it worth making the salt 24 bytes if it's just a matter of changing a constant? Probably.)
|
@bizk let's address Filippo's comments and merge it 馃憣 |
|
Hi solved the comments @FiloSottile also thanks @facundomedica for following up :) |
Head branch was pushed to by a user without write access
* solved lint issues * feat(x/tx): API improvements (cosmos#15871) * refactor(baseapp): set vote info to latest votes (cosmos#15930) * refactor(staking, slashing, signing, misc): remove aliases from types/math.go (cosmos#15902) * fix(autocli): fix simapp enhancing (cosmos#15906) * fix lint on armor.go * ran make lint-fix --------- Co-authored-by: Matt Kocubinski <mkocubinski@gmail.com> Co-authored-by: Marko <marbar3778@yahoo.com> Co-authored-by: samricotta <37125168+samricotta@users.noreply.github.com> Co-authored-by: Julien Robert <julien@rbrt.fr>
Head branch was pushed to by a user without write access
|
@bizk could you fix the linting issue then the bot will merge the pr |
* solved lint issues * fix lint on armor.go * ran make lint-fix * fixed nolint comment
Head branch was pushed to by a user without write access
Closes: #3129
Author Checklist
All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.
I have...
!to the type prefix if API or client breaking changeCHANGELOG.mdReviewers Checklist
All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.
I have...
!in the type prefix if API or client breaking change馃敆 zboto Link