mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

comment

Browse source
This commit is contained in:
Joey Hess 2022-12-27 17:03:47 -04:00
parent c14e15fd1a
commit 0b76a32629
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
1 changed files with 21 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

21
doc/todo/encrypted_keys_in_git_repository/comment_2_6679caba100bee0a0fe32c8eef50758e._comment Normal file
View file

@ -0,0 +1,21 @@
[[!comment format=mdwn
username="joey"
subject="""comment 2"""
date="2022-12-27T20:43:35Z"
content="""
Including the salt in the key is an interesting idea. I am not sure I buy
that it would be secure.
Normally with scrypt (or argon2 etc), and a strong password, the attacker has
to make a huge number of guesses, and so the comparatively modest amount of
work per guess is enough to make it infeasible for them to succeed.
Here though, the attacker will only be interested in guessing the hashes of
known files that they care about. That might be millions of files and so be
a reasonable amount of work to try them all. Probably less work than a good
password, so the hash difficulty parameters would need to be turned up to
secure against that attacker.
But... If the attacker only cares about a single file, they only have to run
scrypt once.
"""]]