inab / WfExS-backend

Workflow Execution Service Backend
Apache License 2.0

Warn about `scrypt` crypt4gh keys #18

Closed jmfernandez closed 2 years ago

jmfernandez commented 2 years ago

The crypt4gh library can generate and use keys based on different algorithms. One of them is scrypt, which depends on very specific features of the OpenSSL used to compile the Python interpreter.

https://github.com/EGA-archive/crypt4gh/blob/2ba98a7cea96e8fb337b17310cc1a226ad3b3e65/crypt4gh/keys/kdf.py#L29-L43

As this algorithm's availability is very dependent on the version of OpenSSL, WfExS-backend should:

  1. Emit a warning each time the conditions where it could fail happen: OpenSSL < 1.1.0 and key generated with scrypt.
  2. Generate new keys always using a different algorithm, like bcrypt, which is not so sensitive to the OpenSSL version used when compiling the Python interpreter.

jmfernandez commented 2 years ago

Fixed on e5923d70bd6817fc42a5754e65791b963b79ddd3
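
One way to implement the warning condition from the issue, as an added example that is not WfExS-backend's code nor the referenced fix. The function names are hypothetical, the key layout (magic word `c4gh-v1` followed by a length-prefixed KDF name) is an assumption to check against the crypt4gh version in use, and the sample key is constructed from zero bytes.

```python
import base64
import hashlib
import ssl
import warnings

MAGIC = b"c4gh-v1"  # magic word opening a crypt4gh private key (assumed layout)

def _enc(b):
    # Length-prefixed string: 2-byte big-endian length, then the bytes.
    return len(b).to_bytes(2, "big") + b

def sample_key(kdf):
    # Constructed sample: zero bytes stand in for rounds, salt and ciphertext.
    raw = MAGIC + _enc(kdf.encode()) + _enc(bytes(4) + bytes(16))
    raw += _enc(b"chacha20_poly1305") + _enc(bytes(60))
    b64 = base64.b64encode(raw).decode()
    return ("-----BEGIN CRYPT4GH PRIVATE KEY-----\n" + b64 +
            "\n-----END CRYPT4GH PRIVATE KEY-----\n")

def key_kdf_name(pem_text):
    # Return the KDF name stored in the key header, without decrypting anything.
    body = "".join(l.strip() for l in pem_text.strip().splitlines()
                   if not l.startswith("-----"))
    raw = base64.b64decode(body, validate=True)
    if not raw.startswith(MAGIC):
        raise ValueError("not a crypt4gh private key")
    pos = len(MAGIC)
    if len(raw) < pos + 2:
        raise ValueError("truncated key")
    n = int.from_bytes(raw[pos:pos + 2], "big")
    name = raw[pos + 2:pos + 2 + n]
    if len(name) != n:
        raise ValueError("truncated key")
    return name.decode("ascii")

def scrypt_at_risk(kdf, openssl=ssl.OPENSSL_VERSION_INFO[:3],
                   has_scrypt=hasattr(hashlib, "scrypt")):
    # Condition from the issue (OpenSSL < 1.1.0 and an scrypt key), plus a
    # direct probe: hashlib.scrypt is missing on builds without OpenSSL 1.1+.
    return kdf == "scrypt" and (tuple(openssl) < (1, 1, 0) or not has_scrypt)

def warn_if_fragile(pem_text, **env):
    # Emit the warning the issue asks for; env overrides the detected build.
    if scrypt_at_risk(key_kdf_name(pem_text), **env):
        warnings.warn("crypt4gh key uses scrypt, which this Python/OpenSSL "
                      "build may not support; regenerate it with bcrypt")
        return True
    return False
```

Reading only the header means the check can run before any passphrase is requested, so the warning appears even when decryption would later fail.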