-rw-r--r--deluge/core/rpcserver.py6
-rw-r--r--deluge/ui/web/auth.py11
2 files changed, 7 insertions, 10 deletions
diff --git a/deluge/core/rpcserver.py b/deluge/core/rpcserver.py
index 76177ed1f..d7f07e348 100644
--- a/deluge/core/rpcserver.py
+++ b/deluge/core/rpcserver.py
@@ -528,10 +528,10 @@ def generate_ssl_keys():
"""
This method generates a new SSL key/cert.
"""
- digest = "md5"
+ digest = "sha256"
# Generate key pair
pkey = crypto.PKey()
- pkey.generate_key(crypto.TYPE_RSA, 1024)
+ pkey.generate_key(crypto.TYPE_RSA, 2048)
# Generate cert request
req = crypto.X509Req()
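Review bot: The stronger `digest = "sha256"` and 2048-bit key only take effect when generate_ssl_keys() actually runs, and nothing in this hunk shows existing key/cert files being replaced, so installs that already hold an RSA-1024/MD5 certificate presumably keep serving it. If regeneration is not handled elsewhere, the daemon should detect a weak existing certificate at startup and regenerate it, or the upgrade notes should tell users to do so. A comment above the two constants would record this, for example `# RSA-2048 with SHA-256; certs created by older releases stay RSA-1024/MD5 until regenerated`. The function body continues outside the hunk.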
@@ -544,7 +544,7 @@ def generate_ssl_keys():
cert = crypto.X509()
cert.set_serial_number(0)
cert.gmtime_adj_notBefore(0)
- cert.gmtime_adj_notAfter(60 * 60 * 24 * 365 * 5) # Five Years
+ cert.gmtime_adj_notAfter(60 * 60 * 24 * 365 * 3) # Three Years
cert.set_issuer(req.get_subject())
cert.set_subject(req.get_subject())
cert.set_pubkey(req.get_pubkey())
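Review bot: `cert.set_serial_number(0)` in this hunk's context gives every generated certificate the same serial, and issuer and subject both come from `req.get_subject()`, so a regenerated certificate repeats the issuer/serial pair of the one it replaces if the subject is unchanged (not visible here). Some TLS clients refuse or mis-cache a certificate whose issuer and serial match one they have already seen with a different key, which matters now that the validity period is shorter and regeneration is more frequent. A random serial avoids that, for example `cert.set_serial_number(random.SystemRandom().getrandbits(64))`, which needs `import random` if this module does not already have it. The function starts and ends outside the hunk.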
diff --git a/deluge/ui/web/auth.py b/deluge/ui/web/auth.py
index 57bccbec6..5ede83fde 100644
--- a/deluge/ui/web/auth.py
+++ b/deluge/ui/web/auth.py
@@ -9,7 +9,7 @@
import hashlib
import logging
-import random
+import os
import time
from datetime import datetime, timedelta
from email.utils import formatdate
@@ -108,11 +108,8 @@ class Auth(JSONComponent):
only for future use currently.
:type login: string
"""
- m = hashlib.md5()
- m.update(login)
- m.update(str(time.time()))
- m.update(str(random.getrandbits(40)))
- m.update(m.hexdigest())
+ m = hashlib.sha256()
+ m.update(os.urandom(32))
session_id = m.hexdigest()
config = component.get("DelugeWeb").config
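Review bot: Running `os.urandom(32)` through `hashlib.sha256()` adds no entropy, so the hash step is only acting as a hex encoder; the id could be built directly with `session_id = binascii.hexlify(os.urandom(32))` (needs `import binascii`, and a `.decode()` on Python 3), which yields the same 64 hex characters. `login` is no longer used in the lines shown, which matches the docstring's "only for future use" but is easy to mistake for an oversight. A comment such as `# all entropy comes from os.urandom; login is deliberately not mixed into the id` would make that explicit. The method continues outside the hunk.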
@@ -248,7 +245,7 @@ class Auth(JSONComponent):
:type new_password: string
"""
log.debug("Changing password")
- salt = hashlib.sha1(str(random.getrandbits(40))).hexdigest()
+ salt = hashlib.sha1(os.urandom(32)).hexdigest()
s = hashlib.sha1(salt)
s.update(utf8_encoded(new_password))
config = component.get("DelugeWeb").config
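Review bot: The new password is still stored as one salted SHA-1 pass (`s = hashlib.sha1(salt)` then `s.update(utf8_encoded(new_password))`), which is cheap to brute-force offline if the stored hash is ever disclosed; the better salt source does not change that. A deliberately slow KDF is the usual fix, for example `hashlib.pbkdf2_hmac("sha256", utf8_encoded(new_password), salt, ITERATIONS)` with an iteration count tuned to the target hardware. The verification path lies outside this hunk and would have to change with it, together with a way to recognise existing SHA-1 entries and upgrade them on the next successful login. Separately, hashing `os.urandom(32)` through SHA-1 to make the salt is unnecessary; hex-encoding the random bytes directly would do.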