Re: [Monotone-devel] bug: monotone serve w/ long passphrase

[Stefan Karpinski]

Ouch. 32 is not a lot of key material for critical purposes,  
especially since each letter of a typical password contains far less  
than a byte of entropy. What was the motivation for switching from  
crypto++ to Botan? Of course, my purposes are hardly critical, so I  
think I'll just use a shorter key. Thanks for the prompt reply.

BTW, I've been playing around with monotone for a while and think  
it's a really excellent version control system. I can't stand  
centralized systems, and BitKeeper is obviously no longer reasonable  
to use. In many ways, monotone is even better than BK (especially  
being OSS). Keep up the good work!

[stefan]

On Sep 24, 2005, at 8:56 AM, Matt Johnston wrote:

> On Sat, Sep 24, 2005 at 12:30:33AM -0700, Stefan Karpinski wrote:
>
> > Monotone reports the following bug. Here's the short version:
> >
> > $ monotone --db=~/monotone/sex.db serve basin.cs.ucsb.edu
> > "org.leezard.*"
> > enter passphrase for key ID address@hidden:
> > monotone: fatal: std::exception: Botan: ARC4 cannot accept a key of
> > length 33
> ...
>
> > monotone 0.22 (base revision:  
> > 69129c6df327273da0483a0277a72be1801a9a27)
>
> It looks like Botan is limited to 32 byte keys for arcfour -
> AFAICT it should be safe to increase the "32" maximum key
> length in arc4.cpp to 256, though I'll take a closer look
> first (and compare with crypto++'s behaviour).
>
> monotone 0.21 was using crypto++, so that should be able to
> use keys up to 256 bytes as a workaround.
>
> Matt