author | Justus Winter <justus@sequoia-pgp.org> | 2020-08-11 14:07:19 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2020-08-11 14:32:13 +0200 |
commit | 1627487e88d50657fd753ebbd71514f37c4989f7 (patch) | |
tree | f9b35a6658da615d1bbd67de2ad8d73275da2039 | |
parent | 59ff6d48ab1f025db560e361c3b65790581f18b0 (diff) |
openpgp: Reorder S2K's variants from most to least preferable.
- See #474.
-rw-r--r-- | openpgp/src/crypto/s2k.rs | 47 |
1 files changed, 25 insertions, 22 deletions
diff --git a/openpgp/src/crypto/s2k.rs b/openpgp/src/crypto/s2k.rs
index 1a2d3707..1210aa8b 100644
--- a/openpgp/src/crypto/s2k.rs
+++ b/openpgp/src/crypto/s2k.rs
@@ -35,17 +35,22 @@ use rand::Rng;
 /// extensions.
 #[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
 pub enum S2K {
- /// Simply hashes the password.
- ///
- /// This mechanism uses neither iteration to increase the time it
- /// takes to derive the key from the password nor does it salt the
- /// password. This makes dictionary attacks more feasible. Do
- /// not use this variant.
- #[deprecated(since = "rfc4880", note = "Use `S2K::Iterated`.")]
- Simple {
+ /// Repeatently hashes the password with a public `salt` value.
+ Iterated {
 /// Hash used for key derivation.
- hash: HashAlgorithm
+ hash: HashAlgorithm,
+ /// Public salt value mixed into the password.
+ salt: [u8; 8],
+ /// Number of bytes to hash.
+ ///
+ /// This parameter increases the workload for an attacker
+ /// doing a dictionary attack. Note that not all values are
+ /// representable. See [`S2K::new_iterated`].
+ ///
+ /// [`S2K::new_iterated`]: #method.new_iterated
+ hash_bytes: u32,
 },
+
 /// Hashes the password with a public `salt` value.
 ///
 /// This mechanism does not use iteration to increase the time it
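Review bot: Nothing visible in the doc comments of `S2K` or `Iterated` records that declaration order now encodes preference, so a variant added later can land in the wrong position, and the recommended variant is only discoverable through the deprecation note on `Simple`. Consider adding to the doc of `Iterated` a line such as `/// This is the preferred variant: it both salts and iterates, which raises the cost of a dictionary attack.` The summary line moved here also keeps the typo "Repeatently", which should read "Repeatedly". The visible derive list has no `PartialOrd`/`Ord`, so the reorder should not change comparisons, though the enum's doc comment starts before this hunk and its body continues past it.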
@@ -58,21 +63,19 @@ pub enum S2K {
 /// Public salt value mixed into the password.
 salt: [u8; 8],
 },
- /// Repeatently hashes the password with a public `salt` value.
- Iterated {
+
+ /// Simply hashes the password.
+ ///
+ /// This mechanism uses neither iteration to increase the time it
+ /// takes to derive the key from the password nor does it salt the
+ /// password. This makes dictionary attacks more feasible. Do
+ /// not use this variant.
+ #[deprecated(since = "rfc4880", note = "Use `S2K::Iterated`.")]
+ Simple {
 /// Hash used for key derivation.
- hash: HashAlgorithm,
- /// Public salt value mixed into the password.
- salt: [u8; 8],
- /// Number of bytes to hash.
- ///
- /// This parameter increases the workload for an attacker
- /// doing a dictionary attack. Note that not all values are
- /// representable. See [`S2K::new_iterated`].
- ///
- /// [`S2K::new_iterated`]: #method.new_iterated
- hash_bytes: u32,
+ hash: HashAlgorithm
 },
+
 /// Private S2K algorithm
 Private(u8),
 /// Unknown S2K algorithm |
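Review bot: The `#[deprecated]` attribute that moves with `Simple` only warns code that names the variant at compile time, and the doc text "Do not use this variant" does not say what a caller should do when an `S2K::Simple` value comes out of parsed data rather than being constructed locally. The parsing code is not visible here, so this is an assumption to confirm, but if such values can reach callers the doc would benefit from one more line, for example `/// Data protected with this variant should be treated as weakly protected.` The enum body starts before this hunk and continues after it.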