author | Igor Pashev <pashev.igor@gmail.com> | 2018-04-28 10:16:13 +0300 |
---|---|---|
committer | Igor Pashev <pashev.igor@gmail.com> | 2018-04-28 10:22:31 +0300 |
commit | b425b5041cf784b7c24abcc82e5573cd79304bf7 (patch) | |
tree | 46bda435518bf4ae14729d86cf4e9fee473f2688 | |
parent | 5618374d41edc7fb1f8eaf5bf59c1ded97cbee8d (diff) | |
download | sproxy2-b425b5041cf784b7c24abcc82e5573cd79304bf7.tar.gz |
Use 64 bytes long key by default
It is padded with zeros to 64 bytes anyway if the length is less.
-rw-r--r-- | sproxy.example.yml | 5 |
-rw-r--r-- | src/Sproxy/Server.hs | 2 |
2 files changed, 3 insertions, 4 deletions
diff --git a/sproxy.example.yml b/sproxy.example.yml index f87d97b..e71b23a 100644 --- a/sproxy.example.yml +++ b/sproxy.example.yml @@ -105,11 +105,10 @@ ssl_key: /path/key.pem # Arbitrary string used to sign sproxy cookie and other things (secret!). -# Optional. If not specified, a random key is generated on startup, and -# as a consequence, restaring sproxy will invalidate existing user sessions. +# Optional. If not specified, a random key of length 64 is generated on startup, +# and as a consequence, restaring sproxy will invalidate existing user sessions. # This option could be useful for load-balancing with multiple sproxy instances, # when all instances must understand cookies created by each other. -# This should not be very large, a few random bytes are fine. # # key: !include /run/keys/sproxy.secret diff --git a/src/Sproxy/Server.hs b/src/Sproxy/Server.hs index 809d242..6d8b19c 100644 --- a/src/Sproxy/Server.hs +++ b/src/Sproxy/Server.hs @@ -75,7 +75,7 @@ server configFile = do db <- DB.start (cfHome cf) ds key <- maybe - (Log.info "using new random key" >> getEntropy 32) + (Log.info "using new random key" >> getEntropy 64) (return . pack) (cfKey cf) let settings = |
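Review bot: In sproxy.example.yml, the added comment line "a random key of length 64 is generated on startup" gives no unit; write "64 bytes" so it matches the commit message. The added line that follows still carries the typo "restaring", which should read "restarting". With "This should not be very large, a few random bytes are fine." removed, the comment no longer tells an operator anything about how long a configured `key` should be. Since the commit message says a shorter key is padded with zeros to 64 bytes, a sentence recommending 64 random bytes for `key` would fill that gap.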
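Review bot: In src/Sproxy/Server.hs, only the fallback branch moves to `getEntropy 64`; the `(return . pack)` branch still accepts whatever `cfKey cf` holds, at any length, with no check and no log line. Consider logging a warning when a configured key is shorter than 64 bytes, so that a short secret in the config file does not go unnoticed. The literal 64 is also unexplained at the call site; a named constant with a one-line comment on why 64 was chosen would keep the code and the example config comment in step.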