project-callisto / callisto-core

Report intake, escrow, matching and secure delivery code for Callisto, an online reporting system for sexual assault.

https://www.projectcallisto.org

GNU Affero General Public License v3.0

137 stars 54 forks source link

add a "pepper" to record encryption #72

Open kelseyq opened 8 years ago

kelseyq commented 8 years ago

Should look a lot like this commit (including a migration test): https://github.com/SexualHealthInnovations/callisto-core/pull/68/commits/910abbc83a1d2f4503c5df8381aabe570b6091b4

kelseyq commented 8 years ago

"pepper" in quotes because there doesn't seem to be a lot of agreement of what the term actually is used to describe. We're using it to describe the second case (encrypting the output hash) described in The Better Way here.

divergentdave commented 8 years ago

68 fixes this, right?

kelseyq commented 8 years ago

68 added a pepper to the encrypted matching entries, but not the encrypted full reports.

ALawley commented 8 years ago

I'll get started on this!