prosody
8b68e8faab52
util/id.lua
Software / code / prosody
File
util/id.lua @ 13503:8b68e8faab52
core.certmanager: Include ffdhe2048 from RFC 7919 as default DH param
This removes one manual (yet undocumented) step that was supposed to be
done to get a complete 'intermediate' configuration.
This file can be found on the Internet by searching for "ffdhe2048" and
can be verified by comparing the hexadecimal representation of p from
the RFC with the output of `openssl asn1parse`.
Given the preference and prevalence of ECDHE, it seems likely that few
would have noticed this.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 12 Jul 2024 15:06:42 +0200 |
| parent | 12975:d10957394a3c |
line wrap: on
line source
-- Prosody IM -- Copyright (C) 2008-2017 Matthew Wild -- Copyright (C) 2008-2017 Waqas Hussain -- Copyright (C) 2008-2017 Kim Alvefur -- -- This project is MIT/X11 licensed. Please see the -- COPYING file in the source package for more information. -- local s_gsub = string.gsub; local random_bytes = require "prosody.util.random".bytes; local base64_encode = require "prosody.util.encodings".base64.encode; local b64url = { ["+"] = "-", ["/"] = "_", ["="] = "" }; local function b64url_random(len) return (s_gsub(base64_encode(random_bytes(len)), "[+/=]", b64url)); end return { -- sizes divisible by 3 fit nicely into base64 without padding== -- for short lived things with low risk of collisions tiny = function() return b64url_random(3); end; -- close to 8 bytes, should be good enough for relatively short lived or uses -- scoped by host or users, half the size of an uuid short = function() return b64url_random(9); end; -- more entropy than uuid at 2/3 the size -- should be okay for globally scoped ids or security token medium = function() return b64url_random(18); end; -- as long as an uuid but MOAR entropy long = function() return b64url_random(27); end; -- pick your own adventure custom = function (size) return function () return b64url_random(size); end; end; }
