use e_auth hash function instead of eina hash for passwords

users should keep in mind that this is not the fort knox of password storage, and someone who copies your config file could rainbow table a short password stored with this hash very easily. at some point in the future, if someone has the interest and time, perhaps this can be improved

fix T1627
Mike Blumenkrantz 2014-09-05 15:04:10 -04:00
parent 721dfe82c2
commit 0e19d32806
2 changed files with 6 additions and 6 deletions


@ -435,7 +435,7 @@ _basic_apply(E_Config_Dialog *cfd __UNUSED__, E_Config_Dialog_Data *cfdata)
if (e_config->desklock_auth_method == E_DESKLOCK_AUTH_METHOD_PERSONAL)
{
e_config->desklock_passwd =
eina_hash_djb2(cfdata->desklock_personal_passwd,
e_auth_hash_djb2(cfdata->desklock_personal_passwd,
strlen(cfdata->desklock_personal_passwd));
}
else if (cfdata->desklock_auth_method == E_DESKLOCK_AUTH_METHOD_PIN)
@ -450,7 +450,7 @@ _basic_apply(E_Config_Dialog *cfd __UNUSED__, E_Config_Dialog_Data *cfdata)
if (errno) return 0; //NAN
if (pp && pp[0]) return 0;
if (test < 1) return 0;
e_config->desklock_pin = eina_hash_djb2(cfdata->pin_str, strlen(cfdata->pin_str));
e_config->desklock_pin = e_auth_hash_djb2(cfdata->pin_str, strlen(cfdata->pin_str));
}
else
/* dumb, but let them do what they want... */
@ -533,14 +533,14 @@ _basic_check_changed(E_Config_Dialog *cfd __UNUSED__, E_Config_Dialog_Data *cfda
if (e_config->desklock_auth_method == E_DESKLOCK_AUTH_METHOD_PERSONAL)
{
if (e_config->desklock_passwd !=
eina_hash_djb2(cfdata->desklock_personal_passwd,
e_auth_hash_djb2(cfdata->desklock_personal_passwd,
strlen(cfdata->desklock_personal_passwd)))
return 1;
}
if (e_config->desklock_auth_method == E_DESKLOCK_AUTH_METHOD_PIN)
{
if (e_config->desklock_pin !=
eina_hash_djb2(cfdata->pin_str,
e_auth_hash_djb2(cfdata->pin_str,
strlen(cfdata->pin_str)))
return 1;
}
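Review bot: The personal-password branch of `_basic_apply` hashes `cfdata->desklock_personal_passwd` with no visible NULL or empty check, unlike the PIN branch, which rejects bad input before storing anything. `strlen()` on a NULL pointer is undefined behaviour, and storing the hash of an empty string would leave a value that `_lokker_check_auth` can never match, because that function requires `edd->passwd[0]` to be non-empty before comparing. Unless a guard exists outside this hunk, wrap the assignment in `if (cfdata->desklock_personal_passwd && cfdata->desklock_personal_passwd[0])`; the same applies to the comparison in `_basic_check_changed`. Both functions start and end outside the hunks shown.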


@ -642,7 +642,7 @@ _lokker_check_auth(void)
else if (e_desklock_is_personal())
{
if ((e_config->desklock_passwd) && (edd->passwd && edd->passwd[0]) &&
(e_config->desklock_passwd == eina_hash_djb2(edd->passwd, strlen(edd->passwd))))
(e_config->desklock_passwd == e_auth_hash_djb2(edd->passwd, strlen(edd->passwd))))
{
/* password ok */
/* security - null out passwd string once we are done with it */
@ -655,7 +655,7 @@ _lokker_check_auth(void)
{
if (edd->passwd[0])
{
if (eina_hash_djb2(edd->passwd, strlen(edd->passwd)) ==
if (e_auth_hash_djb2(edd->passwd, strlen(edd->passwd)) ==
e_config->desklock_pin)
{
_lokker_null();
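Review bot: Values already saved in `e_config->desklock_passwd` and `e_config->desklock_pin` were produced by `eina_hash_djb2`, and both comparisons here now test them against `e_auth_hash_djb2`. If the two functions return different values for the same input (the definition of `e_auth_hash_djb2` is not on this page), a user who upgrades with a saved password or PIN cannot unlock until the config is rewritten. Consider clearing the stored value or re-prompting for it on config upgrade, and add a comment at the comparison such as `/* stored hash must come from e_auth_hash_djb2; values saved by older versions will not match */`. `_lokker_check_auth` continues outside both hunks.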