Commit 7d19450b authored by Douglas Barbosa Alexandre's avatar Douglas Barbosa Alexandre

Merge branch 'id-improve-lfs-token-entropy' into 'master'

Increase LFS token entropy for keys/deploy keys

See merge request gitlab-org/gitlab!74699
parents a9413b64 9a2e2837
......@@ -96,24 +96,15 @@ module Gitlab
attr_reader :actor
def secret
salt + key
end
def salt
case actor
when DeployKey, Key
actor.fingerprint.delete(':').first(16)
# Since fingerprint is based on the public key, let's take more bytes from attr_encrypted_db_key_base
actor.fingerprint.delete(':').first(16) + Settings.attr_encrypted_db_key_base_32
when User
# Take the last 16 characters as they're more unique than the first 16
actor.id.to_s + actor.encrypted_password.last(16)
actor.id.to_s + actor.encrypted_password.last(16) + Settings.attr_encrypted_db_key_base.first(16)
end
end
def key
# Take 16 characters of attr_encrypted_db_key_base, as that's what the
# cipher needs exactly
Settings.attr_encrypted_db_key_base.first(16)
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment