Fix custom entropy breakage

Only characters which are valid hexadecimal characters will properly
add entropy to the string.

Since we have to change this anyway, change the hashing to loop
through 10000 iterations of Keccak, as a kind of poor man's KDF,
to harden against brute force attacks.

The Keccak code is taken from https://github.com/emn178/js-sha3,
under MIT licence.

Thanks to luigi1111w for spotting the bug, suggesting the best
way to fix it, and pointing to the keccak library above.
This commit is contained in:
moneromooo-monero 2016-01-06 23:12:56 +00:00
parent f208ee38bc
commit 032df518f3
No known key found for this signature in database
GPG key ID: 686F07454D6CEFC3
2 changed files with 498 additions and 14 deletions

File diff suppressed because one or more lines are too long

View file

@ -1,17 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWhpkbAAoJEGhvB0VNbO/DvjIP/j3nMpxXXDHxg2dJ4pv7yzDY
xwDpHKMn+l1VtxNsyD63B1IIxWWKnlXIgCx6xJmYRgEN7SZJNw1+yMF0qaZeLalO
HcZz9CaZMhvJHgjlfl+3NX+OIX386PHtYDUQIzINYdJ+zXe4v9n+1Vativ4Sd5P/
6Io+40DRTLMkIVTP1lVAXxSsITOhl58rBKQ6h5Cu5+e6pbEeKJPaDOAGLpAASB96
HuMMLMuI7af1otCFJO/pYS9tH2T75j/Y79EYiIvWjNQynZ1PdGOEMleXwlUxY77x
owRRGgWhKuMys+aBxHbm77R1Fbr2KFxGRK4edXSIIsqkdkQIie3oPgACHzoKf9hl
UEpv3XIzX454VMz4agILd1haAmuVcqJA3yMuG6iNwxKpdBtGOBA3wy97lugqu02B
5jYSsH4i8WfWpivVhkU+h6wCG0CyspOYs5ypTRqlw7fkrencYdEkItVH51uF48cb
6knNtKnrfStQ9q3iGxxnZMfP6Pk7jsSD9Cgpjq/Z0IHd64y6k6fcS8RRZHEso836
M+BWUNyygR8lw60NlEZRSRgpZaXRB/14XmDz0pzoxQzvwbSMjGPtdqKRVRev5Uom
C/ZolO2svAZ8JyOb+QYbsIRZ9oIO30Fe9YJqSDEgcrXdyyzCnFocxo7+8nOhFjPM
aZkgXOzI2ArMN1LQ/tmQ
=eAUx
iQIcBAABAgAGBQJWja3lAAoJEGhvB0VNbO/D1/8QAJ3DDHczXi9dG20DLFTvAy6P
xDcPAOkiT2SFEpArJ2ZuCtkgRjkkXzjUu1nM2Zy7MHL29uklAaLpubY+4hbL4xVh
LWzYoBRbZGUVVHEON/laDRsmkxYotv1xkcR8GDxjp3gAOlN5TY1fobSi3Wp3M0wU
opxJJ4yThevHI7zcXNhwqHp3ltZZ3/pYSsntUxlLvry+KvDvbOtipt6ixRL5WNoZ
EblPnSzhA8m2pdCVL6Ek9HbGXIlbu7N7RckALEzPoSOZQyqmpf9royOTyYUuvvPe
c6rS7qlm5fWLbcLp5gA8JbpRmvD6IRFuMcdaKtDANVSZcBDabMfBVXEhY46WYo2W
e90TvCSG0GOw7MNwuEnCn7zLLcE+5XfoG21EQBUEPs1dZed75gYRKfB4yjugrN/C
ZH3QG0qw0QrIS0JDxcHY3TuxS6lwK5U90V3kI1is/dbJVNZ7ALS6YGb+MUeGeG+D
B7QYztYsJAqhvzhJsHItCSq7AE7/CTNAtTfisN6oM5qvjboqohj++VK4OT2Q2Gs4
FgeWHSi86fnIJeeUlmjRWWpXIc3sin/6Ldj8fYsk7DUv1cMuWSrNxQA/a5te8gDs
ar0u4PYJ+uEYlCH//F2kQ8KoFAVvRLZ2YgEXVNxTuyyST+anvskgHrTHgi0nKmXK
JPGyEtgQLt+dxLjdbPpF
=BP+3
-----END PGP SIGNATURE-----