Commit 9a2e2837 authored by Igor Drozdov

Increase LFS token entropy for keys/deploy keys

Since fingerprint is based on the public key
Let's take more bytes from attr_encrypted_db_key_base
To have the same entropy as a secret for a user

Changelog: changed
parent 7c76abc7
...@@ -96,24 +96,15 @@ module Gitlab ...@@ -96,24 +96,15 @@ module Gitlab
attr_reader :actor attr_reader :actor
def secret def secret
salt + key
end
def salt
case actor case actor
when DeployKey, Key when DeployKey, Key
actor.fingerprint.delete(':').first(16) # Since fingerprint is based on the public key, let's take more bytes from attr_encrypted_db_key_base
actor.fingerprint.delete(':').first(16) + Settings.attr_encrypted_db_key_base_32
when User when User
# Take the last 16 characters as they're more unique than the first 16 # Take the last 16 characters as they're more unique than the first 16
actor.id.to_s + actor.encrypted_password.last(16) actor.id.to_s + actor.encrypted_password.last(16) + Settings.attr_encrypted_db_key_base.first(16)
end end
end end
def key
# Take 16 characters of attr_encrypted_db_key_base, as that's what the
# cipher needs exactly
Settings.attr_encrypted_db_key_base.first(16)
end
end end
end end
end end
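Review bot: In the `when DeployKey, Key` branch of `secret`, the value is now 16 fingerprint characters plus `Settings.attr_encrypted_db_key_base_32`, while the removed `key` method carried the comment that 16 characters of `attr_encrypted_db_key_base` is "what the cipher needs exactly". Please confirm that whatever consumes `secret` accepts the longer value, and keep a comment in `secret` stating the expected length per branch, since that constraint is no longer documented once `key` is deleted. The `User` branch concatenates the same three parts as the old `salt + key`, so its value is unchanged; only key and deploy-key secrets differ, which presumably means tokens already issued for those actors stop validating after deploy and is worth a line in the changelog entry. A spec asserting the secret for each actor type would make the intended difference between the two branches explicit.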