From 1a0cda1c7dc9fa0c5db0bce9a16d483c2a869b3e Mon Sep 17 00:00:00 2001
From: tomsmeding <hallo@tomsmeding.nl>
Date: Sat, 29 Aug 2015 11:35:50 +0200
Subject: More security -- BREAKING CHANGE

---
 client.js      | 4 +++-
 serverstore.js | 4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/client.js b/client.js
index ef1812e..32c244b 100755
--- a/client.js
+++ b/client.js
@@ -235,9 +235,11 @@ function registerUser(userid,password){
 process.stdout.write("Username? ");
 userid=kbd.getLineSync().replace(/[^a-zA-Z0-9_-]/g,"");
 process.stdout.write("Password? ");
+var hasher=crypto.createHash("sha512");
 kbd.setEcho(false);
-password=kbd.getLineSync();
+hasher.update(kbd.getLineSync());
 kbd.setEcho(true);
+password=hasher.digest("hex");
 console.log("\nChecking existence...");
 
 userExists(userid,function(exists){
diff --git a/serverstore.js b/serverstore.js
index b2d7085..e7ffee6 100755
--- a/serverstore.js
+++ b/serverstore.js
@@ -16,7 +16,7 @@ var challenge=null;
 
 function renewChallenge(){
 	var entropy=crypto.randomBytes(256);
-	var hasher=crypto.createHash("sha256");
+	var hasher=crypto.createHash("sha512");
 	hasher.update(entropy);
 	challenge=hasher.digest("hex");
 }
@@ -71,7 +71,7 @@ app.param("userid",function(req,res,next,userid){
 });
 app.param("authhash",function(req,res,next,authhash){
 	var s=challenge+req.ssuser[1];
-	var hasher=crypto.createHash("sha256");
+	var hasher=crypto.createHash("sha512");
 	hasher.update(s);
 	var hashres=hasher.digest("hex");
 	if(hashres!=authhash){
-- 
cgit v1.2.3