wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use hash with appended "a" of the original password for the authentication

Browse source
This commit is contained in:
Lukas Reschke 2016-01-08 18:07:19 +01:00
parent 9bb97c714b
commit 3b62459c41
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
apps/encryption/lib/crypto/crypt.php
View file

@ -475,6 +475,7 @@ class Crypt {
* @return string
*/
private function createSignature($data, $passPhrase) {
$passPhrase = hash('sha512', $passPhrase . 'a', true);
$signature = hash_hmac('sha256', $data, $passPhrase);
return $signature;
}
@ -607,14 +608,14 @@ class Crypt {
}
/**
* Generate a cryptographically secure pseudo-random base64 encoded 256-bit
* ASCII key, used as file key
* Generate a cryptographically secure pseudo-random 256-bit ASCII key, used
* as file key
*
* @return string
* @throws \Exception
*/
public function generateFileKey() {
return base64_encode(random_bytes(32));
return random_bytes(32);
}
/**