Use better naming for key manager domain separators #6328
Assignees
Comments
SWvheerden
pushed a commit
that referenced
this issue
May 9, 2024
Description --- Updates key manager hasher labels used in cipher seeds. Improves the ordering of MAC input data. Closes #6328. Motivation and Context --- The hasher labels used for cipher seeds are vaguely named, which seems like an unnecessary footgun. This PR updates them, incrementing to a new cipher seed version. We also take the opportunity of a new version to reorganize how cipher seed MAC input data is ordered; specifically, we move the version byte to the front, which is more in line with its use elsewhere. This doesn't impose any particular security concerns (the MAC input data is never directly parsed), but had a bad smell. How Has This Been Tested? --- Tests pass. What process can a PR reviewer use to test or verify this change? --- Check that the naming change and reordering do what they say on the tin. Breaking Changes --- Because the library only supports the most recent cipher seed version, existing cipher seeds will fail to decrypt. BREAKING CHANGE: Changes the construction of cipher seeds via a new version; older cipher seeds will fail to decrypt.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The key manager hasher uses vague domain separation for PBKDF salts and stream cipher nonces in cipher seeds. It may be wise to rename them with a more specific purpose to avoid any collisions in the future.
The text was updated successfully, but these errors were encountered: