entropy: exempt small content from check
All checks were successful
CI / test (push) Successful in 38s
Small data has unreliable entropy measurement due to sample size. MIN_ENTROPY_SIZE (default 256 bytes) sets the threshold.
@@ -355,7 +355,8 @@ FlaskPaste can require minimum content entropy to enforce client-side encryption
|
||||
export FLASKPASTE_MIN_ENTROPY=6.0 # Require encryption-level entropy (0=disabled)
|
||||
export FLASKPASTE_MIN_ENTROPY_SIZE=256 # Only check content >= this size (default: 256)
|
||||
```
|
||||
**Response (400 Bad Request):**
|
||||
|
||||
**Response (400 Bad Request):**
|
||||
```json
|
||||
{
|
||||
"error": "Content entropy too low",
|
||||
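Review bot: the comment on the new `FLASKPASTE_MIN_ENTROPY_SIZE=256` line gives no unit and does not say what happens to content below the threshold. Suggest something like `# Skip the entropy check for content smaller than this many bytes (default: 256)`, so an operator who sets `FLASKPASTE_MIN_ENTROPY` to enforce client-side encryption can see from the example alone that shorter content is accepted without the check.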
@@ -369,7 +370,7 @@ export FLASKPASTE_MIN_ENTROPY=7.0 # Require ~encryption-level entropy (0=disabl
|
||||
- Small data is exempt (configurable via `MIN_ENTROPY_SIZE`, default 256 bytes)
|
||||
- Compressed data (gzip, zip) also has high entropy — not distinguishable from encrypted
|
||||
- This is a heuristic, not cryptographic proof of encryption
|
||||
|
||||
|
||||
**Recommended thresholds:**
|
||||
| Threshold | Effect |
|
||||
|-----------|--------|
|
||||
|
||||
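Review bot: the "Small data is exempt" bullet should spell out the consequence for the enforcement this section describes: content under the threshold is accepted with no entropy check, so short plaintext passes even when `FLASKPASTE_MIN_ENTROPY` is set. It would also help to use the full variable name `FLASKPASTE_MIN_ENTROPY_SIZE` here, matching the export example, instead of `MIN_ENTROPY_SIZE`. Separately, the context line in this hunk's header shows `FLASKPASTE_MIN_ENTROPY=7.0` with "~encryption-level entropy" while the earlier export example uses 6.0 for "encryption-level entropy"; the two examples should agree or the difference should be explained next to the thresholds table.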