Password hashing now uses a salt and a kdf

Leonetienne 2022-04-10 16:19:25 +02:00
parent e126788933
commit 15938526ac
2 changed files with 16 additions and 2 deletions


@ -8,7 +8,7 @@
WEBROOT = '$WORKING_DIR' WEBROOT = '$WORKING_DIR'
# This is the SHA512 digest to check the password against # This is the SHA512 digest to check the password against
PASSWD_HASH = 'a3c1443b087cf5338d3696f6029fdf791ee4829a27e19c9f257a06ca0d88b5b518ac9868bb13199e807553bda62d3dc15b6354862f34fcab0a7c4c45530349ea' PASSWD_HASH = '034ff213a060a0888230c3934cfb1cb1f80ab3f211a114b713598efac2d1a68f8d3402c6b08ace2f3990c4c029351d1141cf47ebc378fc9a83a5dddda6e38a8c'
# Sessions stay valid this many seconds, if inactive. Default: 600 (=10 minutes) # Sessions stay valid this many seconds, if inactive. Default: 600 (=10 minutes)
SESSION_DURATION = 600 SESSION_DURATION = 600
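Review bot: The comment above `PASSWD_HASH` still reads "This is the SHA512 digest to check the password against", but after this commit the value has to be the output of `hashPassword` (salted and iterated), so a plain SHA-512 of the password placed here will no longer match. I would reword it to something like `# Salted, iterated SHA512 hash of the password, as produced by hashPassword()` and add a line on how to generate the value. The hash itself is committed next to source that also contains the salt strings, so anyone with the repository can test guesses offline; if this file is the shipped default, a placeholder that each install must replace would be safer.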


@ -103,6 +103,20 @@ function SHA512Digest(string) {
return crypto.createHash('sha512').update(string, 'utf-8').digest('hex'); return crypto.createHash('sha512').update(string, 'utf-8').digest('hex');
} }
//! Duh?
function hashPassword(password) {
// Salt it
password = 'PQoFvPytZyi7yW/uX4IQ5I' + password + 'ZNUwEfVyn55pI91Myp2+RrOXWFtx5';
// Shake it
for (let i = 0; i < password.length * 500; i++) {
password = SHA512Digest(password + 'z4J7qWugOOfjd8FBbpcFyANjfe4axc4fM2Dj65IMr')
}
// Serve it
return password;
}
//! This function simply serves the authentication page //! This function simply serves the authentication page
function serveAuthenticatePage(request, response) { function serveAuthenticatePage(request, response) {
fs.readFile(__dirname + '/authenticate.html', function (error, data) { fs.readFile(__dirname + '/authenticate.html', function (error, data) {
@ -146,7 +160,7 @@ function testAuthentication(request, response) {
// Extract password from the request and hash it // Extract password from the request and hash it
const postData = querystring.parse(requestBody); const postData = querystring.parse(requestBody);
const password = postData['password']; const password = postData['password'];
const passwordHash = SHA512Digest(password); const passwordHash = hashPassword(password);
// Is the password good? // Is the password good?
if (passwordHash === config.PASSWD_HASH) { if (passwordHash === config.PASSWD_HASH) {
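Review bot: The loop bound in `hashPassword` is re-evaluated on every pass, so after the first iteration `password.length` is the 128-character hex digest and the work factor is always 64,000 rounds; it does not scale with the password as the code reads, and a named constant would state that directly. The larger concern is that this is a hand-built stretch of plain SHA-512 with salt strings fixed in the source, which is neither memory-hard nor unique per install. `crypto` is already in scope, so the body could become `return crypto.scryptSync(String(password), SALT, 64).toString('hex');`, where `SALT` is a placeholder name for a random value generated at install time and stored beside `PASSWD_HASH`; the stored hash would then need regenerating. The hashing runs synchronously for every unauthenticated POST, so it is worth confirming that login attempts are rate limited. In `testAuthentication`, whose body starts and ends outside this hunk, the unchanged `===` comparison could use `crypto.timingSafeEqual` on equal-length buffers.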