author | Anton Oussik <antonoussik@gmail.com> | 2015-08-29 21:19:47 +0100 |
---|---|---|
committer | Calum Lind <calumlind+deluge@gmail.com> | 2015-12-04 19:04:13 +0000 |
commit | 431357f6230f91e816eef0ac01a4d42bc5bedcf2 (patch) | |
tree | c1e4be0a16b6d22cb8b9e99676eb8624ea7fe7cf /deluge/ui/web/auth.py | |
parent | 7eb037b3f42776aa0fd77da536efd3d4a3958bbd (diff) | |
[Core] [WebUI] Increase RSA key size and improve hashing
* Replace weak hashing functions, key sizes, and random number
generation techniques with less weak versions to prevent
crashes when running with the fips module loaded.
Diffstat (limited to 'deluge/ui/web/auth.py')
-rw-r--r-- | deluge/ui/web/auth.py | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/deluge/ui/web/auth.py b/deluge/ui/web/auth.py
index 57bccbec6..5ede83fde 100644
--- a/deluge/ui/web/auth.py
+++ b/deluge/ui/web/auth.py
@@ -9,7 +9,7 @@
 import hashlib
 import logging
-import random
+import os
 import time
 from datetime import datetime, timedelta
 from email.utils import formatdate
@@ -108,11 +108,8 @@ class Auth(JSONComponent):
 only for future use currently.
 :type login: string
 """
- m = hashlib.md5()
- m.update(login)
- m.update(str(time.time()))
- m.update(str(random.getrandbits(40)))
- m.update(m.hexdigest())
+ m = hashlib.sha256()
+ m.update(os.urandom(32))
 session_id = m.hexdigest()
 config = component.get("DelugeWeb").config
@@ -248,7 +245,7 @@ class Auth(JSONComponent):
 :type new_password: string
 """
 log.debug("Changing password")
- salt = hashlib.sha1(str(random.getrandbits(40))).hexdigest()
+ salt = hashlib.sha1(os.urandom(32)).hexdigest()
 s = hashlib.sha1(salt)
 s.update(utf8_encoded(new_password))
 config = component.get("DelugeWeb").config |
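Review bot: In the `@@ -108,11 +108,8 @@` hunk the SHA-256 pass over `os.urandom(32)` adds nothing to the session id; the 32 bytes from the OS CSPRNG are already unpredictable and the digest only acts as a hex encoder. Either say so with a comment above `m = hashlib.sha256()`, for example `# 256 bits from the OS CSPRNG; SHA-256 is only used to hex-encode them`, or drop the hash and write `session_id = binascii.hexlify(os.urandom(32))` (which needs `import binascii`). The method starts before and continues after this hunk, so whether `login` is still used further down cannot be checked from here.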
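Review bot: In the `@@ -248,7 +245,7 @@` hunk the stored password digest is still a single salted SHA-1 pass (`s = hashlib.sha1(salt)` then `s.update(utf8_encoded(new_password))`); only the salt source changed, so a leaked web config remains cheap to brute-force offline. A standard-library key-derivation function would fit the commit's stated goal better, e.g. `pwd_hash = hashlib.pbkdf2_hmac("sha256", utf8_encoded(new_password), salt, ITERATIONS)`, where `ITERATIONS` is a placeholder for a project-chosen work factor. That changes the stored format, so the password check and existing configs, both outside this hunk, would need a migration path. The method body starts before and continues after the hunk.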