Use salted hashes

[overonion] / overonion-make-key

diff --git a/overonion-make-key b/overonion-make-key
index 7d0ff1ac6b69d9d61ef57c6ec594f1261e0174ce..0ff97760d6c12186231680f8b9434bec6cab76df 100755 (executable)
--- a/overonion-make-key
+++ b/overonion-make-key
@@ -1,5 +1,8 @@
 #!/bin/bash
 
+key_size=99
+hash_salt_size=63
+
 ciphers=(
   bf-cbc bf-cfb bf-ecb bf-ofb
   cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb
@@ -14,6 +17,9 @@ ciphers=(
   aes-192-cbc aes-192-cfb aes-192-cfb1 aes-192-cfb8 aes-192-ecb aes-192-ofb
   aes-256-cbc aes-256-cfb aes-256-cfb1 aes-256-cfb8 aes-256-ecb aes-256-ofb
 )
+hashes=(
+  sha sha1 mdc2 ripemd160 sha224 sha256 sha384 sha512 md4 md5 dss1
+)
 
 umask 077
 
@@ -33,20 +39,29 @@ if [[ -e "$keyfile" ]];then
   exit 1
 fi
 
-keys_needed=$((${#ciphers[*]} * 2))
+keys_needed=$((${#ciphers[*]} * 2 + ${#hashes[*]} * 4))
 keys_generated=0
 
 function generate_keys() {
   while read -r cipher;do
-    echo -n $'\r'"Generating key $((++keys_generated))/$keys_needed" >&2
-    echo "openssl-enc $cipher $(head -c 99 "$random_source" | base64 --wrap=0 )"
+    echo -n $'\r'"Generating key $((++keys_generated))/$keys_needed " >&2
+    echo "openssl-enc $cipher $(head -c "$key_size" "$random_source" | base64 --wrap=0 )"
   done < <( IFS=$'\n'; shuf <<< "${ciphers[*]}"; )
 }
 
+function generate_hashes() {
+  while read -r hash;do
+    echo -n $'\r'"Generating salt $((keys_generated += 2))/$keys_needed" >&2
+    echo "openssl-dgst $hash $(head -c "$hash_salt_size" "$random_source" | base64 --wrap=0 ) $(head -c "$hash_salt_size" "$random_source" | base64 --wrap=0 )"
+  done < <( IFS=$'\n'; shuf <<< "${hashes[*]}"; )
+}
+
 {
+  generate_hashes
   generate_keys
   echo "reverse"
   generate_keys
+  generate_hashes
 } > "$keyfile"
 
 echo 2>&1