Skip to content

Commit b10e602

Browse files
zeripathzeripath
committed
Try a slightly weaker version of the pbkdf2 algorithm
Signed-off-by: Andrew Thornton <[email protected]>
1 parent 47b282e commit b10e602

File tree

8 files changed

+84
-75
lines changed

8 files changed

+84
-75
lines changed

models/fixtures/user.yml

Lines changed: 64 additions & 64 deletions
Original file line numberDiff line numberDiff line change
@@ -8,8 +8,8 @@
88
email: [email protected]
99
keep_email_private: false
1010
email_notifications_preference: enabled
11-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
12-
passwd_hash_algo: pbkdf2$320000$50
11+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
12+
passwd_hash_algo: pbkdf2$50000$50
1313
must_change_password: false
1414
login_source: 0
1515
login_name: user1
@@ -45,8 +45,8 @@
4545
email: [email protected]
4646
keep_email_private: true
4747
email_notifications_preference: enabled
48-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
49-
passwd_hash_algo: pbkdf2$320000$50
48+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
49+
passwd_hash_algo: pbkdf2$50000$50
5050
must_change_password: false
5151
login_source: 0
5252
login_name: user2
@@ -82,8 +82,8 @@
8282
email: [email protected]
8383
keep_email_private: false
8484
email_notifications_preference: onmention
85-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
86-
passwd_hash_algo: pbkdf2$320000$50
85+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
86+
passwd_hash_algo: pbkdf2$50000$50
8787
must_change_password: false
8888
login_source: 0
8989
login_name: user3
@@ -119,8 +119,8 @@
119119
email: [email protected]
120120
keep_email_private: false
121121
email_notifications_preference: onmention
122-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
123-
passwd_hash_algo: pbkdf2$320000$50
122+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
123+
passwd_hash_algo: pbkdf2$50000$50
124124
must_change_password: false
125125
login_source: 0
126126
login_name: user4
@@ -156,8 +156,8 @@
156156
email: [email protected]
157157
keep_email_private: false
158158
email_notifications_preference: enabled
159-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
160-
passwd_hash_algo: pbkdf2$320000$50
159+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
160+
passwd_hash_algo: pbkdf2$50000$50
161161
must_change_password: false
162162
login_source: 0
163163
login_name: user5
@@ -193,8 +193,8 @@
193193
email: [email protected]
194194
keep_email_private: false
195195
email_notifications_preference: enabled
196-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
197-
passwd_hash_algo: pbkdf2$320000$50
196+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
197+
passwd_hash_algo: pbkdf2$50000$50
198198
must_change_password: false
199199
login_source: 0
200200
login_name: user6
@@ -230,8 +230,8 @@
230230
email: [email protected]
231231
keep_email_private: false
232232
email_notifications_preference: disabled
233-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
234-
passwd_hash_algo: pbkdf2$320000$50
233+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
234+
passwd_hash_algo: pbkdf2$50000$50
235235
must_change_password: false
236236
login_source: 0
237237
login_name: user7
@@ -267,8 +267,8 @@
267267
email: [email protected]
268268
keep_email_private: false
269269
email_notifications_preference: enabled
270-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
271-
passwd_hash_algo: pbkdf2$320000$50
270+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
271+
passwd_hash_algo: pbkdf2$50000$50
272272
must_change_password: false
273273
login_source: 0
274274
login_name: user8
@@ -304,8 +304,8 @@
304304
email: [email protected]
305305
keep_email_private: false
306306
email_notifications_preference: onmention
307-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
308-
passwd_hash_algo: pbkdf2$320000$50
307+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
308+
passwd_hash_algo: pbkdf2$50000$50
309309
must_change_password: false
310310
login_source: 0
311311
login_name: user9
@@ -341,8 +341,8 @@
341341
email: [email protected]
342342
keep_email_private: false
343343
email_notifications_preference: enabled
344-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
345-
passwd_hash_algo: pbkdf2$320000$50
344+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
345+
passwd_hash_algo: pbkdf2$50000$50
346346
must_change_password: false
347347
login_source: 0
348348
login_name: user10
@@ -378,8 +378,8 @@
378378
email: [email protected]
379379
keep_email_private: false
380380
email_notifications_preference: enabled
381-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
382-
passwd_hash_algo: pbkdf2$320000$50
381+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
382+
passwd_hash_algo: pbkdf2$50000$50
383383
must_change_password: false
384384
login_source: 0
385385
login_name: user11
@@ -415,8 +415,8 @@
415415
email: [email protected]
416416
keep_email_private: false
417417
email_notifications_preference: enabled
418-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
419-
passwd_hash_algo: pbkdf2$320000$50
418+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
419+
passwd_hash_algo: pbkdf2$50000$50
420420
must_change_password: false
421421
login_source: 0
422422
login_name: user12
@@ -452,8 +452,8 @@
452452
email: [email protected]
453453
keep_email_private: false
454454
email_notifications_preference: enabled
455-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
456-
passwd_hash_algo: pbkdf2$320000$50
455+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
456+
passwd_hash_algo: pbkdf2$50000$50
457457
must_change_password: false
458458
login_source: 0
459459
login_name: user13
@@ -489,8 +489,8 @@
489489
email: [email protected]
490490
keep_email_private: false
491491
email_notifications_preference: enabled
492-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
493-
passwd_hash_algo: pbkdf2$320000$50
492+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
493+
passwd_hash_algo: pbkdf2$50000$50
494494
must_change_password: false
495495
login_source: 0
496496
login_name: user14
@@ -526,8 +526,8 @@
526526
email: [email protected]
527527
keep_email_private: false
528528
email_notifications_preference: enabled
529-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
530-
passwd_hash_algo: pbkdf2$320000$50
529+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
530+
passwd_hash_algo: pbkdf2$50000$50
531531
must_change_password: false
532532
login_source: 0
533533
login_name: user15
@@ -563,8 +563,8 @@
563563
email: [email protected]
564564
keep_email_private: false
565565
email_notifications_preference: enabled
566-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
567-
passwd_hash_algo: pbkdf2$320000$50
566+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
567+
passwd_hash_algo: pbkdf2$50000$50
568568
must_change_password: false
569569
login_source: 0
570570
login_name: user16
@@ -600,8 +600,8 @@
600600
email: [email protected]
601601
keep_email_private: false
602602
email_notifications_preference: enabled
603-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
604-
passwd_hash_algo: pbkdf2$320000$50
603+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
604+
passwd_hash_algo: pbkdf2$50000$50
605605
must_change_password: false
606606
login_source: 0
607607
login_name: user17
@@ -637,8 +637,8 @@
637637
email: [email protected]
638638
keep_email_private: false
639639
email_notifications_preference: enabled
640-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
641-
passwd_hash_algo: pbkdf2$320000$50
640+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
641+
passwd_hash_algo: pbkdf2$50000$50
642642
must_change_password: false
643643
login_source: 0
644644
login_name: user18
@@ -674,8 +674,8 @@
674674
email: [email protected]
675675
keep_email_private: false
676676
email_notifications_preference: enabled
677-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
678-
passwd_hash_algo: pbkdf2$320000$50
677+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
678+
passwd_hash_algo: pbkdf2$50000$50
679679
must_change_password: false
680680
login_source: 0
681681
login_name: user19
@@ -711,8 +711,8 @@
711711
email: [email protected]
712712
keep_email_private: false
713713
email_notifications_preference: enabled
714-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
715-
passwd_hash_algo: pbkdf2$320000$50
714+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
715+
passwd_hash_algo: pbkdf2$50000$50
716716
must_change_password: false
717717
login_source: 0
718718
login_name: user20
@@ -748,8 +748,8 @@
748748
email: [email protected]
749749
keep_email_private: false
750750
email_notifications_preference: enabled
751-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
752-
passwd_hash_algo: pbkdf2$320000$50
751+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
752+
passwd_hash_algo: pbkdf2$50000$50
753753
must_change_password: false
754754
login_source: 0
755755
login_name: user21
@@ -785,8 +785,8 @@
785785
email: [email protected]
786786
keep_email_private: false
787787
email_notifications_preference: enabled
788-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
789-
passwd_hash_algo: pbkdf2$320000$50
788+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
789+
passwd_hash_algo: pbkdf2$50000$50
790790
must_change_password: false
791791
login_source: 0
792792
login_name: limited_org
@@ -822,8 +822,8 @@
822822
email: [email protected]
823823
keep_email_private: false
824824
email_notifications_preference: enabled
825-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
826-
passwd_hash_algo: pbkdf2$320000$50
825+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
826+
passwd_hash_algo: pbkdf2$50000$50
827827
must_change_password: false
828828
login_source: 0
829829
login_name: privated_org
@@ -859,8 +859,8 @@
859859
email: [email protected]
860860
keep_email_private: true
861861
email_notifications_preference: enabled
862-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
863-
passwd_hash_algo: pbkdf2$320000$50
862+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
863+
passwd_hash_algo: pbkdf2$50000$50
864864
must_change_password: false
865865
login_source: 0
866866
login_name: user24
@@ -896,8 +896,8 @@
896896
email: [email protected]
897897
keep_email_private: false
898898
email_notifications_preference: enabled
899-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
900-
passwd_hash_algo: pbkdf2$320000$50
899+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
900+
passwd_hash_algo: pbkdf2$50000$50
901901
must_change_password: false
902902
login_source: 0
903903
login_name: org25
@@ -933,8 +933,8 @@
933933
email: [email protected]
934934
keep_email_private: false
935935
email_notifications_preference: onmention
936-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
937-
passwd_hash_algo: pbkdf2$320000$50
936+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
937+
passwd_hash_algo: pbkdf2$50000$50
938938
must_change_password: false
939939
login_source: 0
940940
login_name: org26
@@ -970,8 +970,8 @@
970970
email: [email protected]
971971
keep_email_private: false
972972
email_notifications_preference: enabled
973-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
974-
passwd_hash_algo: pbkdf2$320000$50
973+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
974+
passwd_hash_algo: pbkdf2$50000$50
975975
must_change_password: false
976976
login_source: 0
977977
login_name: user27
@@ -1007,8 +1007,8 @@
10071007
email: [email protected]
10081008
keep_email_private: true
10091009
email_notifications_preference: enabled
1010-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
1011-
passwd_hash_algo: pbkdf2$320000$50
1010+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
1011+
passwd_hash_algo: pbkdf2$50000$50
10121012
must_change_password: false
10131013
login_source: 0
10141014
login_name: user28
@@ -1044,8 +1044,8 @@
10441044
email: [email protected]
10451045
keep_email_private: false
10461046
email_notifications_preference: enabled
1047-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
1048-
passwd_hash_algo: pbkdf2$320000$50
1047+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
1048+
passwd_hash_algo: pbkdf2$50000$50
10491049
must_change_password: false
10501050
login_source: 0
10511051
login_name: user29
@@ -1081,8 +1081,8 @@
10811081
email: [email protected]
10821082
keep_email_private: false
10831083
email_notifications_preference: enabled
1084-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
1085-
passwd_hash_algo: pbkdf2$320000$50
1084+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
1085+
passwd_hash_algo: pbkdf2$50000$50
10861086
must_change_password: false
10871087
login_source: 0
10881088
login_name: user30
@@ -1118,8 +1118,8 @@
11181118
email: [email protected]
11191119
keep_email_private: false
11201120
email_notifications_preference: enabled
1121-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
1122-
passwd_hash_algo: pbkdf2$320000$50
1121+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
1122+
passwd_hash_algo: pbkdf2$50000$50
11231123
must_change_password: false
11241124
login_source: 0
11251125
login_name: user31
@@ -1192,8 +1192,8 @@
11921192
email: [email protected]
11931193
keep_email_private: false
11941194
email_notifications_preference: enabled
1195-
passwd: b4910a161a57b686958f6aa711b16316e10a76b3b8c15d2d76b76d5a6071ee2f2e761d85092f27a7170d6f063da5606bcd3c
1196-
passwd_hash_algo: pbkdf2$320000$50
1195+
passwd: e82bc8ae42a53b98c3bd0f941aacc4aa2a264407534b0a11bf270137f67af912f694b67951f92148c45f91717e1478ca7889
1196+
passwd_hash_algo: pbkdf2$50000$50
11971197
must_change_password: false
11981198
login_source: 0
11991199
login_name: user33

modules/auth/password/hash/argon2.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ import (
1313
)
1414

1515
func init() {
16-
registerHasher("argon2", NewArgon2Hasher)
16+
Register("argon2", NewArgon2Hasher)
1717
}
1818

1919
// Argon2Hasher implements PasswordHasher

modules/auth/password/hash/bcrypt.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ import (
88
)
99

1010
func init() {
11-
registerHasher("bcrypt", NewBcryptHasher)
11+
Register("bcrypt", NewBcryptHasher)
1212
}
1313

1414
// BcryptHasher implements PasswordHasher

modules/auth/password/hash/hash.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -83,7 +83,9 @@ var (
8383
availableHasherFactories = map[string]func(string) PasswordSaltHasher{}
8484
)
8585

86-
func registerHasher[T PasswordSaltHasher](name string, newFn func(config string) T) {
86+
// Register registers a PasswordSaltHasher with the availableHasherFactories
87+
// This is not thread safe.
88+
func Register[T PasswordSaltHasher](name string, newFn func(config string) T) {
8789
if _, has := availableHasherFactories[name]; has {
8890
panic(fmt.Errorf("duplicate registration of password salt hasher: %s", name))
8991
}
@@ -122,9 +124,7 @@ func Parse(algorithm string) *PasswordHashAlgorithm {
122124
if len(vals) == 0 {
123125
return nil
124126
}
125-
if len(vals) > 0 {
126-
name = vals[0]
127-
}
127+
name = vals[0]
128128
if len(vals) > 1 {
129129
config = vals[1]
130130
}

0 commit comments

Comments
 (0)