Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

改进数据仓库 通过密码生成密钥 #6782

Closed
88250 opened this issue Dec 4, 2022 · 1 comment
Closed

改进数据仓库 通过密码生成密钥 #6782

88250 opened this issue Dec 4, 2022 · 1 comment
Assignees
@88250
Labels
Enhancement
Milestone
2.5.3

Comments

@88250
Copy link
Member

88250 commented Dec 4, 2022
edited

https://ld246.com/article/1670120449324

如果用户输入的密码短语是 Base64 编码的字符串,则直接使用解码后的 byte 数组作为仓库密钥。

因为有的用户会使用导出的密钥来作为密码短语初始化,这样会造成初始化后的密钥不一致,通过这个兼容性改进可以避免这个问题。

这样改进逻辑上有漏洞,即再也无法使用 Base64 编码的字符串作为密码短语来生成密钥。这种情况应该很少,所以就强制使用解码后的数据作为 key 了。
@88250 88250 added this to the 2.5.3 milestone Dec 4, 2022
@88250 88250 self-assigned this Dec 4, 2022
88250 added a commit that referenced this issue Dec 4, 2022
@88250
🎨 改进数据仓库 通过密码生成密钥 Fix #6782
ce17ca0
@88250 88250 closed this as completed Dec 4, 2022
@88250 88250 reopened this Dec 5, 2022
@88250
Copy link
Member Author

88250 commented Dec 5, 2022

ce17ca0#r91998377

Zuoqiu-Yingyi added a commit to Zuoqiu-Yingyi/siyuan that referenced this issue Dec 5, 2022
@Zuoqiu-Yingyi
🎨 改进数据仓库 通过密码生成密钥 Fix siyuan-note#6782
6d8022f 
对密钥长度进行判断
88250 pushed a commit that referenced this issue Dec 5, 2022
@Zuoqiu-Yingyi
🎨 改进数据仓库 通过密码生成密钥 Fix #6782 (#6784)
4c46d42 
对密钥长度进行判断
@88250 88250 closed this as completed Dec 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@88250 88250

Labels
Enhancement
Projects
None yet
Milestone
2.5.3
Development

No branches or pull requests
1 participant
@88250