From ebea3dae651b849c2e68ca39fda5fbe07432ab98 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel
Date: Tue, 30 Dec 2014 18:13:43 +0100
Subject: [PATCH] - Increased file name IV length
---
 .../crypto/aes256/AesCryptographicConfiguration.java | 5 +++--
 .../org/cryptomator/crypto/aes256/FileNamingConventions.java | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/AesCryptographicConfiguration.java b/main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/AesCryptographicConfiguration.java
index 9f7aa1cfd..4422d04b9 100644
--- a/main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/AesCryptographicConfiguration.java
+++ b/main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/AesCryptographicConfiguration.java
@@ -78,9 +78,10 @@ interface AesCryptographicConfiguration {
 /**
 * Number of non-zero bytes in the IV used for file name encryption. Less means shorter encrypted filenames, more means higher entropy.
- * Maximum length is {@value #AES_BLOCK_LENGTH}.
+ * Maximum length is {@value #AES_BLOCK_LENGTH}. Even the shortest base32 (see {@link FileNamingConventions#ENCRYPTED_FILENAME_CODEC})
+ * encoded byte array will need 8 chars. The maximum number of bytes that fit in 8 base32 chars is 5. Thus 5 is the ideal length.
 */
- int FILE_NAME_IV_LENGTH = 4;
+ int FILE_NAME_IV_LENGTH = 5;
 /**
 * Number of iterations for key derived from user pw. High iteration count for better resistance to bruteforcing.
diff --git a/main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/FileNamingConventions.java b/main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/FileNamingConventions.java
index 6d3b5bef6..d7b594d64 100644
--- a/main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/FileNamingConventions.java
+++ b/main/crypto-aes/src/main/java/org/cryptomator/crypto/aes256/FileNamingConventions.java
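Review bot: In AesCryptographicConfiguration.java, `FILE_NAME_IV_LENGTH` changes from 4 to 5 with nothing in this patch that handles file names already written with a 4-byte IV. If the IV is stored as a fixed-length prefix of the encrypted name, which the base32 reasoning in the Javadoc suggests but the hunk does not show, existing names would be split at the wrong offset and fail to decrypt. Please confirm that no vault data exists yet or that a format version guards this, and add a line such as `Changing this value breaks decryption of existing file names.` to the Javadoc. The comment also justifies 5 only by encoded length: if IVs are chosen at random, 40 bits gives an expected repeat after roughly 2^20 names under one key, so the Javadoc should state how the IV is derived and what a repeat would disclose in the cipher mode used. The interface body starts and ends outside the hunk.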
@@ -22,7 +22,7 @@ interface FileNamingConventions {
 String MASTERKEY_FILE_EXT = ".masterkey.json";
 /**
- * How to encode the encrypted file names safely.
+ * How to encode the encrypted file names safely. Base32 uses only alphanumeric characters and is case-insensitive.
 */
 BaseNCodec ENCRYPTED_FILENAME_CODEC = new Base32();
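Review bot: The added Javadoc sentence in FileNamingConventions.java overstates what the codec guarantees. Standard Base32 output can end in `=` padding, which is not alphanumeric, unless the codec is configured otherwise. Whether lowercase input decodes depends on the `Base32` implementation and version in use, so "case-insensitive" should be confirmed against the decode path. A wording that claims only what the encoding itself provides would be `Base32 uses only A-Z, 2-7 and '=' padding, so two encoded names never differ only by case.` The interface body starts and ends outside the hunk.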