Fix custom entropy breakage

Only characters which are valid hexadecimal characters will properly
add entropy to the string.

Since we have to change this anyway, change the hashing to loop
through 10000 iterations of Keccak, as a kind of poor man's KDF,
to harden against brute force attacks.

The Keccak code is taken from https://github.com/emn178/js-sha3,
under MIT licence.

Thanks to luigi1111w for spotting the bug, suggesting the best
way to fix it, and pointing to the keccak library above.
This commit is contained in:
moneromooo-monero 2016-01-06 23:12:56 +00:00
parent f208ee38bc
commit 032df518f3
No known key found for this signature in database
GPG key ID: 686F07454D6CEFC3
2 changed files with 498 additions and 14 deletions

File diff suppressed because one or more lines are too long

View file

@ -1,17 +1,17 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1 Version: GnuPG v1
iQIcBAABAgAGBQJWhpkbAAoJEGhvB0VNbO/DvjIP/j3nMpxXXDHxg2dJ4pv7yzDY iQIcBAABAgAGBQJWja3lAAoJEGhvB0VNbO/D1/8QAJ3DDHczXi9dG20DLFTvAy6P
xwDpHKMn+l1VtxNsyD63B1IIxWWKnlXIgCx6xJmYRgEN7SZJNw1+yMF0qaZeLalO xDcPAOkiT2SFEpArJ2ZuCtkgRjkkXzjUu1nM2Zy7MHL29uklAaLpubY+4hbL4xVh
HcZz9CaZMhvJHgjlfl+3NX+OIX386PHtYDUQIzINYdJ+zXe4v9n+1Vativ4Sd5P/ LWzYoBRbZGUVVHEON/laDRsmkxYotv1xkcR8GDxjp3gAOlN5TY1fobSi3Wp3M0wU
6Io+40DRTLMkIVTP1lVAXxSsITOhl58rBKQ6h5Cu5+e6pbEeKJPaDOAGLpAASB96 opxJJ4yThevHI7zcXNhwqHp3ltZZ3/pYSsntUxlLvry+KvDvbOtipt6ixRL5WNoZ
HuMMLMuI7af1otCFJO/pYS9tH2T75j/Y79EYiIvWjNQynZ1PdGOEMleXwlUxY77x EblPnSzhA8m2pdCVL6Ek9HbGXIlbu7N7RckALEzPoSOZQyqmpf9royOTyYUuvvPe
owRRGgWhKuMys+aBxHbm77R1Fbr2KFxGRK4edXSIIsqkdkQIie3oPgACHzoKf9hl c6rS7qlm5fWLbcLp5gA8JbpRmvD6IRFuMcdaKtDANVSZcBDabMfBVXEhY46WYo2W
UEpv3XIzX454VMz4agILd1haAmuVcqJA3yMuG6iNwxKpdBtGOBA3wy97lugqu02B e90TvCSG0GOw7MNwuEnCn7zLLcE+5XfoG21EQBUEPs1dZed75gYRKfB4yjugrN/C
5jYSsH4i8WfWpivVhkU+h6wCG0CyspOYs5ypTRqlw7fkrencYdEkItVH51uF48cb ZH3QG0qw0QrIS0JDxcHY3TuxS6lwK5U90V3kI1is/dbJVNZ7ALS6YGb+MUeGeG+D
6knNtKnrfStQ9q3iGxxnZMfP6Pk7jsSD9Cgpjq/Z0IHd64y6k6fcS8RRZHEso836 B7QYztYsJAqhvzhJsHItCSq7AE7/CTNAtTfisN6oM5qvjboqohj++VK4OT2Q2Gs4
M+BWUNyygR8lw60NlEZRSRgpZaXRB/14XmDz0pzoxQzvwbSMjGPtdqKRVRev5Uom FgeWHSi86fnIJeeUlmjRWWpXIc3sin/6Ldj8fYsk7DUv1cMuWSrNxQA/a5te8gDs
C/ZolO2svAZ8JyOb+QYbsIRZ9oIO30Fe9YJqSDEgcrXdyyzCnFocxo7+8nOhFjPM ar0u4PYJ+uEYlCH//F2kQ8KoFAVvRLZ2YgEXVNxTuyyST+anvskgHrTHgi0nKmXK
aZkgXOzI2ArMN1LQ/tmQ JPGyEtgQLt+dxLjdbPpF
=eAUx =BP+3
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----