From 1a0cda1c7dc9fa0c5db0bce9a16d483c2a869b3e Mon Sep 17 00:00:00 2001
From: tomsmeding
Date: Sat, 29 Aug 2015 11:35:50 +0200
Subject: More security -- BREAKING CHANGE
---
 client.js | 4 +++-
 serverstore.js | 4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/client.js b/client.js
index ef1812e..32c244b 100755
--- a/client.js
+++ b/client.js
@@ -235,9 +235,11 @@ function registerUser(userid,password){
 process.stdout.write("Username? ");
 userid=kbd.getLineSync().replace(/[^a-zA-Z0-9_-]/g,"");
 process.stdout.write("Password? ");
+var hasher=crypto.createHash("sha512");
 kbd.setEcho(false);
-password=kbd.getLineSync();
+hasher.update(kbd.getLineSync());
 kbd.setEcho(true);
+password=hasher.digest("hex");
 console.log("\nChecking existence...");
 userExists(userid,function(exists){
diff --git a/serverstore.js b/serverstore.js
index b2d7085..e7ffee6 100755
--- a/serverstore.js
+++ b/serverstore.js
@@ -16,7 +16,7 @@ var challenge=null;
 function renewChallenge(){
 var entropy=crypto.randomBytes(256);
- var hasher=crypto.createHash("sha256");
+ var hasher=crypto.createHash("sha512");
 hasher.update(entropy);
 challenge=hasher.digest("hex");
 }
@@ -71,7 +71,7 @@ app.param("userid",function(req,res,next,userid){
 });
 app.param("authhash",function(req,res,next,authhash){
 var s=challenge+req.ssuser[1];
- var hasher=crypto.createHash("sha256");
+ var hasher=crypto.createHash("sha512");
 hasher.update(s);
 var hashres=hasher.digest("hex");
 if(hashres!=authhash){
-- 
cgit v1.2.3-70-g09d2
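Review bot: The value assigned to `password` in the client.js hunk is one unsalted SHA-512 pass over the typed password, which is cheap to compute and identical for every account that uses the same password, so it gives little protection against offline guessing if the stored value leaks. If the server keeps this digest as-is (serverstore.js appears to read it as `req.ssuser[1]`, but the store itself is not shown), the digest is effectively the credential. A salted, deliberately slow derivation fits better here, e.g. replacing the two hasher lines with `password=crypto.pbkdf2Sync(kbd.getLineSync(),userid,ITERATIONS,64,"sha512").toString("hex");`, where `ITERATIONS` is a placeholder for a project-chosen work factor and any login path must derive the value the same way. registerUser begins and ends outside this hunk.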
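Review bot: In renewChallenge, hashing the output of `crypto.randomBytes(256)` adds no entropy, so moving from sha256 to sha512 only lengthens the challenge from 64 to 128 hex characters. `challenge=crypto.randomBytes(64).toString("hex");` yields a value of the same size without the hasher and without an algorithm name that reads like a security parameter. If the digest step stays, a short comment such as `// digest is used only to format the nonce as hex` would make that clear. When renewChallenge is called is not visible in this hunk, so whether each challenge is single-use cannot be confirmed from here.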
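Review bot: The check `if(hashres!=authhash)` at the end of the authhash hunk is an ordinary string comparison with loose equality, so it is not constant-time for what is an authentication tag. Where the Node version provides it, `if(authhash.length!==hashres.length || !crypto.timingSafeEqual(Buffer.from(hashres),Buffer.from(authhash))){` is the safer form. Separately, the server now expects a SHA-512 digest, but the client.js part of this patch only touches registerUser, so the client code that computes authhash presumably needs the matching change elsewhere; it would help to confirm that and to note the protocol change in the commit description. The body of the `if` continues outside the hunk.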