Ouch. 32 is not a lot of key material for critical purposes, especially since each letter of a typical password contains far less than a byte of entropy. What was the motivation for switching from crypto++ to Botan? Of course, my purposes are hardly critical, so I think I'll just use a shorter key. Thanks for the prompt reply.

BTW, I've been playing around with monotone for a while and think it's a really excellent version control system. I can't stand centralized systems, and BitKeeper is obviously no longer reasonable to use. In many ways, monotone is even better than BK (especially being OSS). Keep up the good work!

[stefan]

On Sep 24, 2005, at 8:56 AM, Matt Johnston wrote:

On Sat, Sep 24, 2005 at 12:30:33AM -0700, Stefan Karpinski wrote:

Monotone reports the following bug. Here's the short version:

$ monotone --db=~/monotone/sex.db serve basin.cs.ucsb.edu "org.leezard.*"
enter passphrase for key ID [EMAIL PROTECTED]:
monotone: fatal: std::exception: Botan: ARC4 cannot accept a key of length 33

...

monotone 0.22 (base revision: 69129c6df327273da0483a0277a72be1801a9a27)


It looks like Botan is limited to 32 byte keys for arcfour -
AFAICT it should be safe to increase the "32" maximum key
length in arc4.cpp to 256, though I'll take a closer look
first (and compare with crypto++'s behaviour).

monotone 0.21 was using crypto++, so that should be able to
use keys up to 256 bytes as a workaround.

Matt




_______________________________________________
Monotone-devel mailing list
http://lists.nongnu.org/mailman/listinfo/monotone-devel
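
The key-length limit discussed in this thread, as an added example that is not code from the thread, Botan, or monotone: RC4's key schedule is defined for any key of 1 to 256 bytes, so a 33-byte passphrase fails only against a 32-byte cap. The names `Rc4`, `apply_hex` and `accepts` are hypothetical, and the key "Key" with plaintext "Plaintext" is a widely published RC4 test vector used here as sample input.

```cpp
#include <array>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <utility>

// Hypothetical RC4 class (not Botan's); max_key_len models a library-imposed cap.
class Rc4 {
public:
    Rc4(const std::string& key, std::size_t max_key_len) {
        // The key schedule reads key[i % len], so any length 1..256 is usable.
        if (key.empty() || key.size() > max_key_len || key.size() > 256)
            throw std::invalid_argument("ARC4 cannot accept a key of length " +
                                        std::to_string(key.size()));
        for (std::size_t i = 0; i < 256; ++i) s_[i] = static_cast<std::uint8_t>(i);
        std::uint8_t j = 0;  // uint8_t arithmetic wraps mod 256
        for (std::size_t i = 0; i < 256; ++i) {
            j = static_cast<std::uint8_t>(j + s_[i] + static_cast<std::uint8_t>(key[i % key.size()]));
            std::swap(s_[i], s_[j]);
        }
    }
    // XOR data with the keystream and return the result as lowercase hex.
    std::string apply_hex(const std::string& data) {
        std::string out;
        for (unsigned char c : data) {
            i_ = static_cast<std::uint8_t>(i_ + 1);
            j_ = static_cast<std::uint8_t>(j_ + s_[i_]);
            std::swap(s_[i_], s_[j_]);
            auto b = static_cast<std::uint8_t>(c ^ s_[static_cast<std::uint8_t>(s_[i_] + s_[j_])]);
            out += "0123456789abcdef"[b >> 4]; out += "0123456789abcdef"[b & 15];
        }
        return out;
    }
private:
    std::array<std::uint8_t, 256> s_{};
    std::uint8_t i_ = 0, j_ = 0;
};

// True if a constructed key of key_len bytes passes the length check.
bool accepts(std::size_t key_len, std::size_t max_key_len) {
    try { Rc4 c{std::string(key_len, 'k'), max_key_len}; (void)c; return true; }
    catch (const std::invalid_argument&) { return false; }
}

int main() {
    std::cout << Rc4("Key", 32).apply_hex("Plaintext") << '\n';
    std::cout << accepts(33, 32) << ' ' << accepts(33, 256) << '\n';
}
```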
