forked from enlightenment/enlightenment
use e_auth hash function instead of eina hash for passwords
users should keep in mind that this is not the fort knox of password storage, and someone who copies your config file could rainbow table a short password stored with this hash very easily. at some point in the future, if someone has the interest and time, perhaps this can be improved fix T1627
This commit is contained in:
parent
721dfe82c2
commit
0e19d32806
|
@ -435,7 +435,7 @@ _basic_apply(E_Config_Dialog *cfd __UNUSED__, E_Config_Dialog_Data *cfdata)
|
|||
if (e_config->desklock_auth_method == E_DESKLOCK_AUTH_METHOD_PERSONAL)
|
||||
{
|
||||
e_config->desklock_passwd =
|
||||
eina_hash_djb2(cfdata->desklock_personal_passwd,
|
||||
e_auth_hash_djb2(cfdata->desklock_personal_passwd,
|
||||
strlen(cfdata->desklock_personal_passwd));
|
||||
}
|
||||
else if (cfdata->desklock_auth_method == E_DESKLOCK_AUTH_METHOD_PIN)
|
||||
|
@ -450,7 +450,7 @@ _basic_apply(E_Config_Dialog *cfd __UNUSED__, E_Config_Dialog_Data *cfdata)
|
|||
if (errno) return 0; //NAN
|
||||
if (pp && pp[0]) return 0;
|
||||
if (test < 1) return 0;
|
||||
e_config->desklock_pin = eina_hash_djb2(cfdata->pin_str, strlen(cfdata->pin_str));
|
||||
e_config->desklock_pin = e_auth_hash_djb2(cfdata->pin_str, strlen(cfdata->pin_str));
|
||||
}
|
||||
else
|
||||
/* dumb, but let them do what they want... */
|
||||
|
@ -533,14 +533,14 @@ _basic_check_changed(E_Config_Dialog *cfd __UNUSED__, E_Config_Dialog_Data *cfda
|
|||
if (e_config->desklock_auth_method == E_DESKLOCK_AUTH_METHOD_PERSONAL)
|
||||
{
|
||||
if (e_config->desklock_passwd !=
|
||||
eina_hash_djb2(cfdata->desklock_personal_passwd,
|
||||
e_auth_hash_djb2(cfdata->desklock_personal_passwd,
|
||||
strlen(cfdata->desklock_personal_passwd)))
|
||||
return 1;
|
||||
}
|
||||
if (e_config->desklock_auth_method == E_DESKLOCK_AUTH_METHOD_PIN)
|
||||
{
|
||||
if (e_config->desklock_pin !=
|
||||
eina_hash_djb2(cfdata->pin_str,
|
||||
e_auth_hash_djb2(cfdata->pin_str,
|
||||
strlen(cfdata->pin_str)))
|
||||
return 1;
|
||||
}
|
||||
|
|
|
@ -642,7 +642,7 @@ _lokker_check_auth(void)
|
|||
else if (e_desklock_is_personal())
|
||||
{
|
||||
if ((e_config->desklock_passwd) && (edd->passwd && edd->passwd[0]) &&
|
||||
(e_config->desklock_passwd == eina_hash_djb2(edd->passwd, strlen(edd->passwd))))
|
||||
(e_config->desklock_passwd == e_auth_hash_djb2(edd->passwd, strlen(edd->passwd))))
|
||||
{
|
||||
/* password ok */
|
||||
/* security - null out passwd string once we are done with it */
|
||||
|
@ -655,7 +655,7 @@ _lokker_check_auth(void)
|
|||
{
|
||||
if (edd->passwd[0])
|
||||
{
|
||||
if (eina_hash_djb2(edd->passwd, strlen(edd->passwd)) ==
|
||||
if (e_auth_hash_djb2(edd->passwd, strlen(edd->passwd)) ==
|
||||
e_config->desklock_pin)
|
||||
{
|
||||
_lokker_null();
|
||||
|
|
Loading…
Reference in New Issue