[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Versioning repo?

Christian Jaeger ha scritto (ven 17 ago alle 13:29):
> I installed scrypt because I thought it would offer the password
> strengthening functionality separately (so I could use it to e.g. feed
> stronger passwords to gpg --symmetric), which doesn't seem to be the
> case. Thus I'm looking into adding this to the scrypt tool (or maybe
> write a separate binary). I've noticed two similar approaches by other
> people, but I prefer the most straightforward way, so I'm going to
> give it a try myself.

that's exactly what I implemented just a few days ago[1]. Of course, before
considering it "usable" we all should wait for some review of my code.
And almost surely there will be some cosmetic change.
Note that this is the first piece of code I write for scrypt, and I have
no deep knowledge of "secure programming".

So maybe the best thing is look at my code[2] and see if there's
something you believe to be wrong/unsecure/ugly.

[1] http://marc.info/?l=scrypt&m=134407377922415&w=2
[2] https://github.com/boyska/scrypt/compare/master...onlystretch

> scrypt-1.1.6 seems a bit old, compared with the code in tarsnap, there
> are a couple changes but it's not as simple as just taking the new
> files from tarsnap as there are changes in their dependencies, too. Do
> you have a versioning repository so that I could look through the
> changes?

Now that this has been done, I'll try to readapt my work on top of the
svn repository.

GPG: 785DE285