Merge pull request #1241 from dougalcorn/config-pbkdf-algorithm

Parameterize the PBKDF2 algorithm in application config
This commit is contained in:
Sam 2013-07-22 18:39:36 -07:00
commit ac47da1722
3 changed files with 11 additions and 11 deletions

View File

@ -542,7 +542,7 @@ class User < ActiveRecord::Base
end end
def hash_password(password, salt) def hash_password(password, salt)
Pbkdf2.hash_password(password, salt, Rails.configuration.pbkdf2_iterations) Pbkdf2.hash_password(password, salt, Rails.configuration.pbkdf2_iterations, Rails.configuration.pbkdf2_algorithm)
end end
def add_trust_level def add_trust_level
@ -674,4 +674,3 @@ end
# index_users_on_username (username) UNIQUE # index_users_on_username (username) UNIQUE
# index_users_on_username_lower (username_lower) UNIQUE # index_users_on_username_lower (username_lower) UNIQUE
# #

View File

@ -89,6 +89,7 @@ module Discourse
# per https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet # per https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
config.pbkdf2_iterations = 64000 config.pbkdf2_iterations = 64000
config.pbkdf2_algorithm = "sha256"
# dumping rack lock cause the message bus does not work with it (throw :async, it catches Exception) # dumping rack lock cause the message bus does not work with it (throw :async, it catches Exception)
# see: https://github.com/sporkrb/spork/issues/66 # see: https://github.com/sporkrb/spork/issues/66

View File

@ -2,32 +2,32 @@
# #
# Also PBKDF2 monkey patches string ... don't like that at all # Also PBKDF2 monkey patches string ... don't like that at all
# #
# Happy to move back to PBKDF2 ruby gem provided: # Happy to move back to PBKDF2 ruby gem provided:
# #
# 1. It works on Ruby 2.0 # 1. It works on Ruby 2.0
# 2. It works on 1.9.3 # 2. It works on 1.9.3
# 3. It does not monkey patch string # 3. It does not monkey patch string
require 'openssl' require 'openssl'
require 'xor' require 'xor'
class Pbkdf2 class Pbkdf2
def self.hash_password(password, salt, iterations)
h = OpenSSL::Digest::Digest.new("sha256") def self.hash_password(password, salt, iterations, algorithm = "sha256")
h = OpenSSL::Digest::Digest.new(algorithm)
u = ret = prf(h, password, salt + [1].pack("N")) u = ret = prf(h, password, salt + [1].pack("N"))
2.upto(iterations) do 2.upto(iterations) do
u = prf(h, password, u) u = prf(h, password, u)
ret.xor!(u) ret.xor!(u)
end end
ret.bytes.map{|b| ("0" + b.to_s(16))[-2..-1]}.join("") ret.bytes.map{|b| ("0" + b.to_s(16))[-2..-1]}.join("")
end end
protected protected
# fallback xor in case we need it for jruby ... way slower # fallback xor in case we need it for jruby ... way slower
def self.xor(x,y) def self.xor(x,y)