Skip to content

chore: shorten provisioner key #14017

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jul 25, 2024
Merged

chore: shorten provisioner key #14017

merged 7 commits into from
Jul 25, 2024

Conversation

f0ssel
Copy link
Contributor

@f0ssel f0ssel commented Jul 25, 2024
edited
Loading

This shortens the provisioner key to a random 32 character string. We no longer include the ID prefixed in the token and simply look up by the hash of the input.

Base automatically changed from f0ssel/provisionerd-key to main July 25, 2024 19:26
@f0ssel f0ssel mentioned this pull request Jul 25, 2024
Closed
17 tasks
@f0ssel f0ssel requested a review from Emyrk July 25, 2024 19:27
@f0ssel f0ssel force-pushed the f0ssel/shorten-key branch from 7fc8554 to 0f992d6 Compare July 25, 2024 19:42
@f0ssel f0ssel changed the base branch from main to mes/time-experiment July 25, 2024 19:43
@f0ssel f0ssel changed the base branch from mes/time-experiment to main July 25, 2024 19:43
Emyrk
Emyrk reviewed Jul 25, 2024
View reviewed changes
coderd/httpmw/provisionerdaemon.go Outdated
if err != nil {
handleOptional(http.StatusUnauthorized, codersdk.Response{
handleOptional(http.StatusBadGateway, codersdk.Response{
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

http.StatusBadGateway? This should be unauthorized, no?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This error has a detail that specifies the length must be 64, and I thought it felt more like a 400 in that regard.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

omg I meant StatusBadRequest...

coderd/provisionerkey/provisionerkey.go Outdated
@@ -15,40 +13,31 @@ import (
)

func New(organizationID uuid.UUID, name string, tags map[string]string) (database.InsertProvisionerKeyParams, string, error) {
id := uuid.New()
secret, err := cryptorand.HexString(64)
secret, err := cryptorand.String(64)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

64 is probably longer than we need if we are using alpha (lower & upper) + numbers. When we using hex strings, technically they are case insensitive, so you only get 16 options vs the now 62 (26 lower, 26 upper, 10 numeric)

You only need ~43 characters to match the same search space as 64 hex characters. We only use 22 characters for our api keys (I bet we copied someone else here).

It does not really matter, but if we are shortening our keys, we can at least shorten them to 43 and keep the same level of security as 64 hex characters. Which is super common.

16^64 = 1.157920e+77
62^43 = 1.182613e+77

log(16^64)/log(62) = 42.9948 <-- basically 43

Thoughts on going even shorter? 64 is such an excessive level of security.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Of course, I was leaning on better safe than sorry but let's go short - 32 sound good?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

32 is ~190 bits of entropy. 43 gets us to 256, which is common in symmetric key encryption.

At the end of the day, 32 vs 43 feels completely arbitrary and probably sufficient, but 43 feels like "random" than "32" in the fact it lines up with 256bit. 🤷‍♂️

I don't think 43 looks too bad. That's just my 2c.

43 characters long

RrMe58fCjqyf7A8uRivKq3hQDcC3y5N5rnUWSRz5QA
1KH5y6hAUAJjymG8Xrjia4NY3yz3crenkmuEkT4T3N
3TEiuE7aDvUZyG1TqAtiikKR5rW6WkmG2RuEjCLXi3
z2B0ZRpbhZibWFfdDjRbb6fQzqy7baCBq2JQFKjDeA

32

VB3StT1Uj0CvP6LX2iMzX3eDACKPEBzF
jaDjJSPNLygpKLUELrUU5m5fuNbTfvV7
3QvMTSuRLwn7x0hbX4YJQKf2GMcL3TA5
G6LkDZdw1rumSZuLyMLGUYi15hvR38jA

64

qySKB6Zi6XLmahApVJLM5GMYP9TGy6BEyCYUC7KbVH0AE5h07W0eWg2Cqmjw7gCF
pSngALfmYcVmMETAAcntnp2bzZkRC90pYRa2fC5MmvHMuQHZ7hwg5eGMnWfnbCUu
t5gFjyTD3iy8J9emR6B7TSCwCYrcwJGLQXBw4zPMM0AS9E89DMXy4bK4V4FtJ1qw
v4C06YWqALYBpMScm7AuVYwzun0iEb5iCpQyg2fEWgfreNL2W6itRfzeS1cic1XY
537TcRdc3McvbTKtN4uZRfRp68hrnYJieHHtJp4d9tNWbFFxvrECv0umzig7UUk9

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

43 it is 😄

@f0ssel f0ssel requested a review from Emyrk July 25, 2024 20:50
@f0ssel f0ssel enabled auto-merge (squash) July 25, 2024 20:50
@f0ssel f0ssel merged commit 6c2336b into main Jul 25, 2024
29 checks passed
@f0ssel f0ssel deleted the f0ssel/shorten-key branch July 25, 2024 21:08
@github-actions github-actions bot locked and limited conversation to collaborators Jul 25, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Emyrk Emyrk Emyrk approved these changes

Assignees

@f0ssel f0ssel

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@f0ssel @Emyrk