From b425b5041cf784b7c24abcc82e5573cd79304bf7 Mon Sep 17 00:00:00 2001 From: Igor Pashev Date: Sat, 28 Apr 2018 10:16:13 +0300 Subject: Use 64 bytes long key by default It is padded with zeros to 64 bytes anyway if the length is less. --- sproxy.example.yml | 5 ++--- src/Sproxy/Server.hs | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/sproxy.example.yml b/sproxy.example.yml index f87d97b..e71b23a 100644 --- a/sproxy.example.yml +++ b/sproxy.example.yml @@ -105,11 +105,10 @@ ssl_key: /path/key.pem # Arbitrary string used to sign sproxy cookie and other things (secret!). -# Optional. If not specified, a random key is generated on startup, and -# as a consequence, restaring sproxy will invalidate existing user sessions. +# Optional. If not specified, a random key of length 64 is generated on startup, +# and as a consequence, restaring sproxy will invalidate existing user sessions. # This option could be useful for load-balancing with multiple sproxy instances, # when all instances must understand cookies created by each other. -# This should not be very large, a few random bytes are fine. # # key: !include /run/keys/sproxy.secret diff --git a/src/Sproxy/Server.hs b/src/Sproxy/Server.hs index 809d242..6d8b19c 100644 --- a/src/Sproxy/Server.hs +++ b/src/Sproxy/Server.hs @@ -75,7 +75,7 @@ server configFile = do db <- DB.start (cfHome cf) ds key <- maybe - (Log.info "using new random key" >> getEntropy 32) + (Log.info "using new random key" >> getEntropy 64) (return . pack) (cfKey cf) let settings = -- cgit v1.2.3