|
|
@@ -5030,7 +5030,7 @@ DiskSliceSize=1457664
|
|
|
<body>
|
|
|
<p>Specifies a password you want to prompt the user for at the beginning of the installation.</p>
|
|
|
<p>When using a password, you might consider setting <link topic="setup_encryption">Encryption</link> to <tt>yes</tt> as well, otherwise files will be stored as plain text and it would not be exceedingly difficult for someone to gain access to them through reverse engineering.</p>
|
|
|
-<p>The password itself is not stored as clear text; it's stored as a 160-bit SHA-1 hash, salted with a 64-bit random number. (Note: When encryption is enabled, this stored hash is <i>not</i> used for the encryption key; a different hash with a different salt is generated for that.)</p>
|
|
|
+<p>The password itself is not stored as clear text; it's stored as a 160-bit SHA-1 hash, salted with a 64-bit random number. (Note: When encryption is enabled, this stored hash is <i>not</i> used for the encryption key.)</p>
|
|
|
</body>
|
|
|
</setuptopic>
|
|
|
|
|
|
@@ -5437,10 +5437,9 @@ DiskSliceSize=1457664
|
|
|
<setupvalid><link topic="yesnonotes"><tt>yes</tt> or <tt>no</tt></link></setupvalid>
|
|
|
<setupdefault><tt>no</tt></setupdefault>
|
|
|
<body>
|
|
|
-<p>If set to <tt>yes</tt>, files that are compiled into the installation (via [Files] section entries) will be encrypted using ARCFOUR encryption, with a 160-bit key derived from the value of the <link topic="setup_password">Password</link> [Setup] section directive.</p>
|
|
|
-<p>Because of encryption import/export laws in some countries, encryption support is not included in the main Inno Setup installer but downloaded by it instead. See the <extlink href="https://jrsoftware.org/isdl.php">Inno Setup Downloads</extlink> page for more information.</p>
|
|
|
+<p>If set to <tt>yes</tt>, files that are compiled into the installation (via [Files] section entries) will be encrypted using XChaCha20 encryption, with a 256-bit key derived from the value of the <link topic="setup_password">Password</link> [Setup] section directive.</p>
|
|
|
<p>If encryption is enabled and you call the <link topic="isxfunc_ExtractTemporaryFile">ExtractTemporaryFile</link> function from the [Code] section prior to the user entering the correct password, the function will fail unless the <tt>noencryption</tt> flag is used on the [Files] section entry for the file.</p>
|
|
|
-<p>The key used for encryption is a 160-bit SHA-1 hash of 64-bit random salt plus the value of <link topic="setup_password">Password</link>.</p>
|
|
|
+<p>The key used for encryption is a 256-bit SHA-256 hash of the value of <link topic="setup_password">Password</link> and the nonce used is a 192-bit random base nonce, appending the index of the first file in the chunk for unique encryption nonces.</p>
|
|
|
</body>
|
|
|
</setuptopic>
|
|
|
|
Martijn Laan