mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Use hash with appended "a" of the original password for the authentication

This commit is contained in:
Lukas Reschke 2016-01-08 18:07:19 +01:00
parent 9bb97c714b
commit 3b62459c41
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
apps/encryption/lib/crypto/crypt.php
View File

@ -475,6 +475,7 @@ class Crypt {
* @return string * @return string
*/ */
private function createSignature($data, $passPhrase) { private function createSignature($data, $passPhrase) {
$passPhrase = hash('sha512', $passPhrase . 'a', true);
$signature = hash_hmac('sha256', $data, $passPhrase); $signature = hash_hmac('sha256', $data, $passPhrase);
return $signature; return $signature;
} }
@ -607,14 +608,14 @@ class Crypt {
} }
/** /**
* Generate a cryptographically secure pseudo-random base64 encoded 256-bit * Generate a cryptographically secure pseudo-random 256-bit ASCII key, used
* ASCII key, used as file key * as file key
* *
* @return string * @return string
* @throws \Exception * @throws \Exception
*/ */
public function generateFileKey() { public function generateFileKey() {
return base64_encode(random_bytes(32)); return random_bytes(32);
} }
/** /**