From bbd209a3b83b11d1c46b13bea35b534598827c12 Mon Sep 17 00:00:00 2001
From: joe <joe@jerkface.net>
Date: Fri, 2 Sep 2016 01:40:10 -0400
Subject: Use randomized salt for default cipher.

---
 lib/Kiki.hs | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'lib/Kiki.hs')

diff --git a/lib/Kiki.hs b/lib/Kiki.hs
index 87b6ea5..45e67f8 100644
--- a/lib/Kiki.hs
+++ b/lib/Kiki.hs
@@ -195,8 +195,11 @@ importAndRefresh root cmn cipher = do
         do rs <- writeKeyToFile (streaminfo { typ = PEMFile, access = Sec, spill = KF_Match "tor", fill = KF_All }) (FileDesc write_tor) tor_un
            -- outputReport $ map (first show) rs
            return ()
-        let cipher's2k = (cipher {- AES128 -}, IteratedSaltedS2K SHA1 4073382889203176146 7864320)
-            ctx = InputFileContext secring pubring
+        cipher's2k <- do
+            IteratedSaltedS2K _ salt _ <- randomS2K SHA1
+            -- (cipher {- AES128 -}, IteratedSaltedS2K SHA1 4073382889203176146 7864320)
+            return $ (cipher {- AES128 -}, IteratedSaltedS2K SHA1 salt (15 * 2^19))
+        let ctx = InputFileContext secring pubring
             main_passwds = withAgent $ do pfd <- maybeToList passfd
                                           return $ PassphraseSpec Nothing Nothing pfd
             passwordop = KeyRingOperation
-- 
cgit v1.2.3