This is an automated email from the ASF dual-hosted git repository. gstein pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/steve.git
commit b3c0db27188815daa3b035f8775d4f56cfdc3eae Author: Greg Stein <[email protected]> AuthorDate: Fri Feb 20 18:21:20 2026 -0600 Intermediate hash of the EDATA glom. --- v3/steve/crypto.py | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/v3/steve/crypto.py b/v3/steve/crypto.py index da6ce42..9606c81 100644 --- a/v3/steve/crypto.py +++ b/v3/steve/crypto.py @@ -17,6 +17,7 @@ import base64 import secrets +import hashlib # for blake2b import passlib.hash # note that .argon2 is proxy in this pkg @@ -37,11 +38,21 @@ def gen_salt() -> bytes: def gen_opened_key(edata: bytes, salt: bytes) -> bytes: "Generate the OpenedKey for this election." - return _hash(edata, salt) + + # The data is of arbitrary length. Use BLAKE2b to quickly hash all + # this down into a manageable size for Argon2. + # Note: BLAKE2b is the internal primitive of Argon2, so a good fit. + digest = hashlib.blake2b(edata).digest() + + # We have scaled EDATA down to 64 bytes, which is now within the + # passlib input size for the Argon2 algorithm. + return _hash(digest, salt) def gen_vote_token(opened_key: bytes, pid: str, iid: str, salt: bytes) -> bytes: "Generate a person or issue token." + + # NOTE: the data is short enough for the Argon2 algorithm. return _hash(opened_key + pid.encode() + iid.encode(), salt)
