random salt for passwords

Jakob Ketterl 2021-02-06 18:43:37 +01:00
parent 8806dc538e
commit e548d6a5de


@ -2,6 +2,7 @@ from abc import ABC, abstractmethod
from owrx.config import CoreConfig from owrx.config import CoreConfig
import json import json
import hashlib import hashlib
import os
import logging import logging
@ -61,20 +62,19 @@ class HashedPassword(Password):
def _createFromString(self, pw: str, algorithm: str): def _createFromString(self, pw: str, algorithm: str):
self._algorithm = algorithm self._algorithm = algorithm
# TODO: random salt self._salt = os.urandom(32)
self._salt = "constant" dk = hashlib.pbkdf2_hmac(self._algorithm, pw.encode(), self._salt, self.iterations)
dk = hashlib.pbkdf2_hmac(self._algorithm, pw.encode(), self._salt.encode(), self.iterations)
self._hash = dk.hex() self._hash = dk.hex()
pass pass
def _loadFromDict(self, d: dict): def _loadFromDict(self, d: dict):
self._hash = d["value"] self._hash = d["value"]
self._algorithm = d["algorithm"] self._algorithm = d["algorithm"]
self._salt = d["salt"] self._salt = bytes.fromhex(d["salt"])
pass pass
def is_valid(self, inp: str) -> bool: def is_valid(self, inp: str) -> bool:
dk = hashlib.pbkdf2_hmac(self._algorithm, inp.encode(), self._salt.encode(), self.iterations) dk = hashlib.pbkdf2_hmac(self._algorithm, inp.encode(), self._salt, self.iterations)
return dk.hex() == self._hash return dk.hex() == self._hash
def toJson(self) -> dict: def toJson(self) -> dict:
@ -82,7 +82,7 @@ class HashedPassword(Password):
"encoding": "hash", "encoding": "hash",
"value": self._hash, "value": self._hash,
"algorithm": self._algorithm, "algorithm": self._algorithm,
"salt": self._salt, "salt": self._salt.hex(),
} }
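Review bot: `_loadFromDict` now passes `d["salt"]` straight to `bytes.fromhex`, so a record written before this commit, where the salt is the literal text "constant", raises `ValueError` on load instead of validating. Whether such records exist in deployed user files is not visible here, but if they do, those accounts become unusable after upgrade. A fallback that decodes a non-hex salt the old way keeps them loadable; they should then be re-hashed with a random salt when the password is next set. Separately, `is_valid` still compares the digests with `==`; `return hmac.compare_digest(dk.hex(), self._hash)` (with `import hmac`) makes the comparison constant-time.

```python
def _loadFromDict(self, d: dict):
    # … unchanged: value and algorithm assignments …
    try:
        self._salt = bytes.fromhex(d["salt"])
    except ValueError:
        # record written before random salts: salt was stored as plain text
        self._salt = d["salt"].encode()
```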