search

nstilt1 / crypto-on-the-edge

A WIP Rust crate for generating private keys from IDs based on an HKDF, and eliminates the need to store private keys.
Apache License 2.0
0 stars 0 forks source link

Obfuscate encoded Versions and Timestamps; there are too many 0s in IDs #8

Closed nstilt1 closed 5 months ago

nstilt1 commented 5 months ago

With the current way that version numbers and timestamps are encoded, there could be a ton of 0s in the ID compared to how many 1s are present since the ID and timestamps are encoded as they are represented in binary.

I have thought about this for a while and have come to the conclusion that it might be best to use an additional Mac instance. This implementation will depend on the utils provided in #7. The procedure will be like so:

MasterKeyGenerator has an additional "static" Mac member (its key never changes). ID is generated as [Prefix][RandomBytes][empty mac slice] The first 2 bits of metadata are encoded (the two bools) Call insert_ints_into_slice(), preserving those two bools, overwriting all remaining space that will be taking up TIMESTAMP_BITS + VERSION_BITS with 0s Compute the "static" mac XOR the version with the first 4 bytes of the mac as a u32 XOR the timestamp with the next 8 bytes of the mac as a u64 Call insert_ints_into_slice() to insert these values into the ID

By keeping this MAC's key static, different versions and timestamps will be readable, while this section of the ID will always look different (except for the two bools). The MAC and its key do not need to be super secure, as it is primarily just to have some more random-looking IDs. The only requirement for the MAC is that it must be able to output 12 bytes.

nstilt1 commented 5 months ago

It has been fixed. It uses the KeyGenerator's MAC, and for key and ID generation, a unique version salt is used.