From 0e19d32806e321dcaf9022d3fd5cb97fc00a3245 Mon Sep 17 00:00:00 2001
From: Mike Blumenkrantz
Date: Fri, 5 Sep 2014 15:04:10 -0400
Subject: [PATCH] use e_auth hash function instead of eina hash for passwords

users should keep in mind that this is not the fort knox of password storage, and someone who copies your config file could rainbow table a short password stored with this hash very easily. at some point in the future, if someone has the interest and time, perhaps this can be improved

fix T1627
---
 src/modules/conf_display/e_int_config_desklock.c | 8 ++++----
 src/modules/lokker/lokker.c | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/modules/conf_display/e_int_config_desklock.c b/src/modules/conf_display/e_int_config_desklock.c
index 2a9a071de..880e0189f 100644
--- a/src/modules/conf_display/e_int_config_desklock.c
+++ b/src/modules/conf_display/e_int_config_desklock.c
@@ -435,7 +435,7 @@ _basic_apply(E_Config_Dialog *cfd __UNUSED__, E_Config_Dialog_Data *cfdata)
 if (e_config->desklock_auth_method == E_DESKLOCK_AUTH_METHOD_PERSONAL)
 {
 e_config->desklock_passwd =
- eina_hash_djb2(cfdata->desklock_personal_passwd,
+ e_auth_hash_djb2(cfdata->desklock_personal_passwd,
 strlen(cfdata->desklock_personal_passwd));
 }
 else if (cfdata->desklock_auth_method == E_DESKLOCK_AUTH_METHOD_PIN)
@@ -450,7 +450,7 @@ _basic_apply(E_Config_Dialog *cfd __UNUSED__, E_Config_Dialog_Data *cfdata)
 if (errno) return 0; //NAN
 if (pp && pp[0]) return 0;
 if (test < 1) return 0;
- e_config->desklock_pin = eina_hash_djb2(cfdata->pin_str, strlen(cfdata->pin_str));
+ e_config->desklock_pin = e_auth_hash_djb2(cfdata->pin_str, strlen(cfdata->pin_str));
 }
 else
 /* dumb, but let them do what they want... */
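Review bot: In the `@@ -435` hunk of e_int_config_desklock.c (`_basic_apply`, personal-password branch), `cfdata->desklock_personal_passwd` goes straight into `strlen()` and `e_auth_hash_djb2()` with no NULL or empty-string check visible in the hunk, while the PIN branch in the `@@ -450` hunk rejects bad input before hashing. A NULL pointer here is undefined behaviour in `strlen()`, and an empty string would be stored as a hash that `_lokker_check_auth` in lokker.c can never match, because that path requires `edd->passwd[0]` to be non-zero. Unless a check already exists above the hunk (the function body starts and ends outside it), a guard such as `if (!cfdata->desklock_personal_passwd || !cfdata->desklock_personal_passwd[0]) return 0;` before the assignment would cover both cases. The same unchecked `strlen()` pattern appears twice in the `_basic_check_changed` hunk at `@@ -533`.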
@@ -533,14 +533,14 @@ _basic_check_changed(E_Config_Dialog *cfd __UNUSED__, E_Config_Dialog_Data *cfda
 if (e_config->desklock_auth_method == E_DESKLOCK_AUTH_METHOD_PERSONAL)
 {
 if (e_config->desklock_passwd !=
- eina_hash_djb2(cfdata->desklock_personal_passwd,
+ e_auth_hash_djb2(cfdata->desklock_personal_passwd,
 strlen(cfdata->desklock_personal_passwd)))
 return 1;
 }
 if (e_config->desklock_auth_method == E_DESKLOCK_AUTH_METHOD_PIN)
 {
 if (e_config->desklock_pin !=
- eina_hash_djb2(cfdata->pin_str,
+ e_auth_hash_djb2(cfdata->pin_str,
 strlen(cfdata->pin_str)))
 return 1;
 }
diff --git a/src/modules/lokker/lokker.c b/src/modules/lokker/lokker.c
index 47281d522..15c6e1408 100644
--- a/src/modules/lokker/lokker.c
+++ b/src/modules/lokker/lokker.c
@@ -642,7 +642,7 @@ _lokker_check_auth(void)
 else if (e_desklock_is_personal())
 {
 if ((e_config->desklock_passwd) && (edd->passwd && edd->passwd[0]) &&
- (e_config->desklock_passwd == eina_hash_djb2(edd->passwd, strlen(edd->passwd))))
+ (e_config->desklock_passwd == e_auth_hash_djb2(edd->passwd, strlen(edd->passwd))))
 {
 /* password ok */
 /* security - null out passwd string once we are done with it */
@@ -655,7 +655,7 @@ _lokker_check_auth(void)
 {
 if (edd->passwd[0])
 {
- if (eina_hash_djb2(edd->passwd, strlen(edd->passwd)) ==
+ if (e_auth_hash_djb2(edd->passwd, strlen(edd->passwd)) ==
 e_config->desklock_pin)
 {
 _lokker_null();
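Review bot: Values already saved in `e_config->desklock_passwd` and `e_config->desklock_pin` were computed with `eina_hash_djb2`, but the comparison in `_lokker_check_auth` (the `@@ -642` hunk, and the PIN comparison in `@@ -655`) now uses `e_auth_hash_djb2` with no migration or fallback visible. The definition of `e_auth_hash_djb2` is not part of this patch, so if it can return a different value for the same input, a user whose stored hash predates the change could not unlock with the correct password until it is set again. I would add a comment at the comparison saying which stored values are expected to match, for example `/* stored value must come from e_auth_hash_djb2; hashes saved by older builds may need the password re-entered */`, or handle the old value explicitly. The function body extends beyond both hunks.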
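Review bot: The PIN comparison in the `@@ -655` hunk does not test that `e_config->desklock_pin` is set before comparing, whereas the personal-password branch in the `@@ -642` hunk requires `(e_config->desklock_passwd)` to be non-zero first. If no PIN was ever stored the field is presumably 0, and the outcome then depends only on the hash of whatever was typed. For symmetry the condition could read `if (e_config->desklock_pin && (e_auth_hash_djb2(edd->passwd, strlen(edd->passwd)) == e_config->desklock_pin))`. The enclosing branch starts above the hunk, so an equivalent test may already exist there.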