authorJustus Winter <justus@sequoia-pgp.org>2020-08-11 14:07:19 +0200
committerJustus Winter <justus@sequoia-pgp.org>2020-08-11 14:32:13 +0200
commit1627487e88d50657fd753ebbd71514f37c4989f7 (patch)
treef9b35a6658da615d1bbd67de2ad8d73275da2039
parent59ff6d48ab1f025db560e361c3b65790581f18b0 (diff)
openpgp: Reorder S2K's variants from most to least preferable.
- See #474.
-rw-r--r--openpgp/src/crypto/s2k.rs47
1 files changed, 25 insertions, 22 deletions
diff --git a/openpgp/src/crypto/s2k.rs b/openpgp/src/crypto/s2k.rs
index 1a2d3707..1210aa8b 100644
--- a/openpgp/src/crypto/s2k.rs
+++ b/openpgp/src/crypto/s2k.rs
@@ -35,17 +35,22 @@ use rand::Rng;
/// extensions.
#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
pub enum S2K {
- /// Simply hashes the password.
- ///
- /// This mechanism uses neither iteration to increase the time it
- /// takes to derive the key from the password nor does it salt the
- /// password. This makes dictionary attacks more feasible. Do
- /// not use this variant.
- #[deprecated(since = "rfc4880", note = "Use `S2K::Iterated`.")]
- Simple {
+ /// Repeatently hashes the password with a public `salt` value.
+ Iterated {
/// Hash used for key derivation.
- hash: HashAlgorithm
+ hash: HashAlgorithm,
+ /// Public salt value mixed into the password.
+ salt: [u8; 8],
+ /// Number of bytes to hash.
+ ///
+ /// This parameter increases the workload for an attacker
+ /// doing a dictionary attack. Note that not all values are
+ /// representable. See [`S2K::new_iterated`].
+ ///
+ /// [`S2K::new_iterated`]: #method.new_iterated
+ hash_bytes: u32,
},
+
/// Hashes the password with a public `salt` value.
///
/// This mechanism does not use iteration to increase the time it
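Review bot: The ordering rule this commit introduces (most to least preferable) is recorded only in the commit title, so nothing in the file tells a contributor where a future variant belongs. A line in the enum's doc comment above `pub enum S2K {` would keep the order from drifting, for example `/// Variants are ordered from most to least preferable.` The doc line moved onto `Iterated` still reads `Repeatently`, which should be `Repeatedly`. Because `Iterated` is now the first variant a reader sees and the one the deprecation note on `Simple` (second hunk) points to, its doc could also say that it is the variant to choose, in the same way the `Simple` doc says not to use that one. The enum's doc comment starts above this hunk and the `Salted` variant's doc continues past it.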
@@ -58,21 +63,19 @@ pub enum S2K {
/// Public salt value mixed into the password.
salt: [u8; 8],
},
- /// Repeatently hashes the password with a public `salt` value.
- Iterated {
+
+ /// Simply hashes the password.
+ ///
+ /// This mechanism uses neither iteration to increase the time it
+ /// takes to derive the key from the password nor does it salt the
+ /// password. This makes dictionary attacks more feasible. Do
+ /// not use this variant.
+ #[deprecated(since = "rfc4880", note = "Use `S2K::Iterated`.")]
+ Simple {
/// Hash used for key derivation.
- hash: HashAlgorithm,
- /// Public salt value mixed into the password.
- salt: [u8; 8],
- /// Number of bytes to hash.
- ///
- /// This parameter increases the workload for an attacker
- /// doing a dictionary attack. Note that not all values are
- /// representable. See [`S2K::new_iterated`].
- ///
- /// [`S2K::new_iterated`]: #method.new_iterated
- hash_bytes: u32,
+ hash: HashAlgorithm
},
+
/// Private S2K algorithm
Private(u8),
/// Unknown S2K algorithm