Ok, I've done some searching and unfortunately, there are no 2 byte prefixes for all 3 possible lengths if we increase everything by 1 or 2 bytes. But I found a way to make it work if we increase by 1/2/3 bytes for the 16/32/64 byte root keys respectively. Not ideal, but at least there's a pattern.
I've also changed the prefix from 'ws' and 'WS' to 'rk' and 'RK', something I wanted to do ever since the term 'root key' was introduced.
The unencrypted lengths stay the same, but the prefix length is reduced to 2 bytes, giving us one extra byte. Actually, 1 byte less works for the unencrypted variant. Updated the table.
| Length | Prefix | Min | Max | Count |
|
| 24 | RK | 0x28C1 | 0x28C6 | 6 |
| 40 | RK | 0x4AC5 | 0x4AD1 | 13 |
| 72 | RK | 0xFBB3 | 0xFBDE | 44 |
|
| 26 | rk | 0xF83F | 0xF853 | 21 |
| 43 | rk | 0x6731 | 0x6739 | 9 |
| 76 | rk | 0x4EB4 | 0x4EB9 | 6 |
So the unencrypted format becomes something like:
prefix(2 bytes) + date(2 bytes) + checksum(4 bytes) + root key(16/32/64 bytes)
The encrypted format becomes something like:
prefix(2 bytes) + date(2 bytes) + KDF(5 bits) + entropy(11/19/27 bits) + bloom filter(4 bytes) + encrypted root key(16/32/64 bytes)
Thoughts?