Use hash with appended "a" of the original password for the authentication

This commit is contained in:
Lukas Reschke 2016-01-08 18:07:19 +01:00
parent 9bb97c714b
commit 3b62459c41
1 changed files with 4 additions and 3 deletions

View File

@ -475,6 +475,7 @@ class Crypt {
* @return string
*/
private function createSignature($data, $passPhrase) {
$passPhrase = hash('sha512', $passPhrase . 'a', true);
$signature = hash_hmac('sha256', $data, $passPhrase);
return $signature;
}
@ -607,14 +608,14 @@ class Crypt {
}
/**
* Generate a cryptographically secure pseudo-random base64 encoded 256-bit
* ASCII key, used as file key
* Generate a cryptographically secure pseudo-random 256-bit ASCII key, used
* as file key
*
* @return string
* @throws \Exception
*/
public function generateFileKey() {
return base64_encode(random_bytes(32));
return random_bytes(32);
}
/**