authortomsmeding <hallo@tomsmeding.nl>2015-08-29 11:35:50 +0200
committertomsmeding <hallo@tomsmeding.nl>2015-08-29 11:35:50 +0200
commit1a0cda1c7dc9fa0c5db0bce9a16d483c2a869b3e (patch)
treea4a1c96c5b2c84f9e93e2c6f906151b38b9a5a95
parent5a9bb42ee6cb7d46cbd9c84ae24f75e05392d0f0 (diff)
More security -- BREAKING CHANGE
-rwxr-xr-xclient.js4
-rwxr-xr-xserverstore.js4
2 files changed, 5 insertions, 3 deletions
diff --git a/client.js b/client.js
index ef1812e..32c244b 100755
--- a/client.js
+++ b/client.js
@@ -235,9 +235,11 @@ function registerUser(userid,password){
process.stdout.write("Username? ");
userid=kbd.getLineSync().replace(/[^a-zA-Z0-9_-]/g,"");
process.stdout.write("Password? ");
+var hasher=crypto.createHash("sha512");
kbd.setEcho(false);
-password=kbd.getLineSync();
+hasher.update(kbd.getLineSync());
kbd.setEcho(true);
+password=hasher.digest("hex");
console.log("\nChecking existence...");
userExists(userid,function(exists){
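Review bot: The value assigned to `password` is a single unsalted SHA-512 digest, so it does little to slow offline guessing if the stored value ever leaks, and two users with the same password end up with the same digest. A salted, iterated derivation covers both, e.g. `password=crypto.pbkdf2Sync(kbd.getLineSync(),userid,ITERATIONS,64,"sha512").toString("hex");`, where `ITERATIONS` is a placeholder for a tuned work factor and the user id stands in as salt only if no server-supplied salt is available. Whatever is derived here is presumably what the server stores and checks, so it acts as the credential itself, and the login path (not in this hunk) has to derive it identically. registerUser's body starts and ends outside the hunk.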
diff --git a/serverstore.js b/serverstore.js
index b2d7085..e7ffee6 100755
--- a/serverstore.js
+++ b/serverstore.js
@@ -16,7 +16,7 @@ var challenge=null;
function renewChallenge(){
var entropy=crypto.randomBytes(256);
- var hasher=crypto.createHash("sha256");
+ var hasher=crypto.createHash("sha512");
hasher.update(entropy);
challenge=hasher.digest("hex");
}
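Review bot: Hashing the output of `crypto.randomBytes(256)` adds no unpredictability, and the move to SHA-512 only lengthens the challenge from 64 to 128 hex characters; the hash step could be dropped in favour of `challenge=crypto.randomBytes(32).toString("hex");`. If the digest is kept deliberately, a comment such as `// digest only normalises the challenge to fixed-length hex; the randomness comes from randomBytes` would stop readers treating the hash choice as a security parameter. Any client code or storage that assumes the old challenge length would need to follow this change, which is not visible here.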
@@ -71,7 +71,7 @@ app.param("userid",function(req,res,next,userid){
});
app.param("authhash",function(req,res,next,authhash){
var s=challenge+req.ssuser[1];
- var hasher=crypto.createHash("sha256");
+ var hasher=crypto.createHash("sha512");
hasher.update(s);
var hashres=hasher.digest("hex");
if(hashres!=authhash){
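Review bot: The check `hashres!=authhash` on the last line of this hunk compares the expected response with the request-supplied value using a loose, early-exit string comparison; a constant-time comparison is the safer default for an authenticator: `var a=Buffer.from(hashres),b=Buffer.from(authhash);` followed by `if(a.length!==b.length||!crypto.timingSafeEqual(a,b)){`. Separately, `challenge+req.ssuser[1]` is plain concatenation under a bare hash; `crypto.createHmac("sha512",req.ssuser[1]).update(challenge).digest("hex")` is the standard keyed construction, though the client would have to change with it. `req.ssuser[1]` appears to be the stored credential, so read access to the store is presumably enough to compute valid responses, which is worth documenting as a known property of the scheme. The handler's body continues outside the hunk.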