Encrypt work factor #477
Merged
Encrypt work factor #477
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @@ -194,6 +194,7 @@ fn test_stronghold_purge_client() { | |||
|
|
|||
| #[test] | |||
| fn purge_client() { | |||
| engine::snapshot::try_set_encrypt_work_factor(0).unwrap(); | |||
There was a problem hiding this comment.
Should we use 1 for these or is there no point?
There was a problem hiding this comment.
You can use 1. 0 will also work.
engine/src/snapshot/logic.rs
Outdated
| @@ -85,7 +105,8 @@ pub enum WriteError { | |||
| /// It is safe to use with strong keys, although computing resources may be wasted. | |||
| /// In this case it is recommended to use `encrypt_content_with_work_factor` with small/zero work factor. | |||
| pub fn encrypt_content<O: Write>(plain: &[u8], output: &mut O, key: &Key) -> Result<(), WriteError> { | |||
| let work_factor = age::RECOMMENDED_MINIMUM_ENCRYPT_WORK_FACTOR; | |||
| let work_factor = get_encrypt_work_factor(); | |||
| // let work_factor = age::RECOMMENDED_MINIMUM_ENCRYPT_WORK_FACTOR; | |||
thibault-martinez
approved these changes
Jun 8, 2023
DaughterOfMars
approved these changes
Jun 8, 2023
Merged
10 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of change
The changes introduce public access to the default snapshot encryption work factor. This is a workaround to make tests run faster at the cost of resetting work factor to zero during testing. In production this feature must not be used, and the default work factor must not be modified as it will lead to security compromise and potential leaks of secrets, including seed.
Links to any relevant issues
Be sure to reference any related issues by adding
fixes issue #.Type of change
Choose a type of change, and delete any options that are not relevant.
How the change has been tested
Describe the tests that you ran to verify your changes.
Make sure to provide instructions for the maintainer as well as any relevant configurations.
Change checklist
Add an
xto the boxes that are relevant to your changes, and delete any items that are not.