add cryptographicallySecure
Note that GPGHMAC keys are not cryptographically secure, because their content has no relation to the name of the key. So, things that use this function to avoid sending keys to a remote will need to special case in support for those keys. If GPGHMAC keys were accepted as cryptographically secure, symlinks using them could be committed to a git repo, and their content would be accepted into the repo, with no guarantee that two repos got the same content, which is what we're aiming to prevent.
This commit is contained in:
Joey Hess
parent
5e24e3ffe7
commit
0fda7c08d0
1 changed files with 8 additions and 0 deletions
|
|
@ -65,6 +65,14 @@ sameExceptExt (SHA1Key _) (SHA1Key _) = True
|
|||
sameExceptExt (MD5Key _) (MD5Key _) = True
|
||||
sameExceptExt _ _ = False
|
||||
|
||||
{- Is the Key variety cryptographically secure, such that no two differing
|
||||
- file contents can be mapped to the same Key? -}
|
||||
cryptographicallySecure :: KeyVariety -> Bool
|
||||
cryptographicallySecure (SHA2Key _ _) = True
|
||||
cryptographicallySecure (SHA3Key _ _) = True
|
||||
cryptographicallySecure (SKEINKey _ _) = True
|
||||
cryptographicallySecure _ = False
|
||||
|
||||
formatKeyVariety :: KeyVariety -> String
|
||||
formatKeyVariety v = case v of
|
||||
SHA2Key sz e -> adde e (addsz sz "SHA")
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue