authorAnton Oussik <antonoussik@gmail.com>2015-08-29 21:19:47 +0100
committerCalum Lind <calumlind+deluge@gmail.com>2015-12-04 19:04:13 +0000
commit431357f6230f91e816eef0ac01a4d42bc5bedcf2 (patch)
treec1e4be0a16b6d22cb8b9e99676eb8624ea7fe7cf /deluge/ui/web
parent7eb037b3f42776aa0fd77da536efd3d4a3958bbd (diff)
[Core] [WebUI] Increase RSA key size and improve hashing
* Replace weak hashing functions, key sizes, and random number generation techniques with less weak versions to prevent crashes when running with the fips module loaded.
Diffstat (limited to 'deluge/ui/web')
-rw-r--r--deluge/ui/web/auth.py11
1 files changed, 4 insertions, 7 deletions
diff --git a/deluge/ui/web/auth.py b/deluge/ui/web/auth.py
index 57bccbec6..5ede83fde 100644
--- a/deluge/ui/web/auth.py
+++ b/deluge/ui/web/auth.py
@@ -9,7 +9,7 @@
import hashlib
import logging
-import random
+import os
import time
from datetime import datetime, timedelta
from email.utils import formatdate
@@ -108,11 +108,8 @@ class Auth(JSONComponent):
only for future use currently.
:type login: string
"""
- m = hashlib.md5()
- m.update(login)
- m.update(str(time.time()))
- m.update(str(random.getrandbits(40)))
- m.update(m.hexdigest())
+ m = hashlib.sha256()
+ m.update(os.urandom(32))
session_id = m.hexdigest()
config = component.get("DelugeWeb").config
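Review bot: The SHA-256 pass over `os.urandom(32)` in the new session-id lines adds no strength; all of the identifier's unpredictability comes from the 32 bytes read from the OS CSPRNG, and the hash only acts as a hex encoder. Encoding the bytes directly, for example `session_id = binascii.hexlify(os.urandom(32))` with `import binascii` added at the top, states the intent more plainly. A short comment such as `# 256-bit session id from the OS CSPRNG; deliberately not derived from login or time` would keep a later edit from reintroducing guessable inputs. `import time` survives in the first hunk and may now be unused if nothing else in the file calls it, which cannot be confirmed from here. The method starts before this hunk and continues after it.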
@@ -248,7 +245,7 @@ class Auth(JSONComponent):
:type new_password: string
"""
log.debug("Changing password")
- salt = hashlib.sha1(str(random.getrandbits(40))).hexdigest()
+ salt = hashlib.sha1(os.urandom(32)).hexdigest()
s = hashlib.sha1(salt)
s.update(utf8_encoded(new_password))
config = component.get("DelugeWeb").config
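Review bot: The stored password hash is still a single SHA-1 round over salt plus password (`s = hashlib.sha1(salt)` followed by `s.update(utf8_encoded(new_password))`), so the stronger salt source does little against offline guessing if the web config file is ever disclosed. A deliberately slow key-derivation function fits better here, for example `hashlib.pbkdf2_hmac("sha256", utf8_encoded(new_password), salt, PBKDF2_ITERATIONS)` where the running Python provides it; `PBKDF2_ITERATIONS` is a placeholder for a project-chosen constant. That changes the stored format, so the password check, which is not visible in this hunk, would have to accept existing SHA-1 entries and upgrade them on the next successful login. Wrapping `os.urandom(32)` in SHA-1 to build the salt is also redundant; hex-encoding the random bytes directly gives the same result with less indirection. The method continues beyond the last line shown.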