author | Yorhel <git@yorhel.nl> | 2015-11-01 10:37:56 +0100 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2015-11-01 10:38:43 +0100 |
commit | 3de8d24697511fe324cae2526eb65d6aafb5968b (patch) | |
tree | b34f6a3b91352d9f753d9d3e3ae0e1a93acc758c | |
parent | 4b1807a58912ff0b4542063071e072ccf53fd1bd (diff) |
Removed support for sha256-hashed passwords
They had to be deleted from the database at some point, otherwise we
still have thousands of easily-cracked password hashes in the database.
Note that I could have opted to use scrypt on top of the sha256 hashes
so the passwords would remain secure without needing to reset
everything, but doing that after one year of switching to scrypt is
likely not worth it. Everyone who still actively uses his account has
already been converted to scrypt, everyone else should just reset their
password whenever they decide to come back.
-rw-r--r-- | data/config_example.pl | 5 | ||||
-rw-r--r-- | data/global.pl | 3 | ||||
-rw-r--r-- | lib/Multi/API.pm | 6 | ||||
-rw-r--r-- | lib/VNDB/Util/Auth.pm | 23 | ||||
-rw-r--r-- | util/sql/schema.sql | 3 | ||||
-rw-r--r-- | util/updates/update_2.26.sql | 3 |
6 files changed, 9 insertions, 34 deletions
diff --git a/data/config_example.pl b/data/config_example.pl
index b1e405ce..96f003fc 100644
--- a/data/config_example.pl
+++ b/data/config_example.pl
@@ -17,9 +17,8 @@ package VNDB;
 %S,
 url => 'http://your.site.root/',
 url_static => 'http://your.static.site.root/',
- global_salt => '<some long unique string>',
- form_salt => '<another unique string>',
- scrypt_salt => '<yet another unique string>',
+ form_salt => '<some unique string>',
+ scrypt_salt => '<another unique string>',
 );
diff --git a/data/global.pl b/data/global.pl
index 4fefee29..1e3f90dc 100644
--- a/data/global.pl
+++ b/data/global.pl
@@ -21,8 +21,7 @@ our %S;
 url => 'http://vndb.org', # Only used by Multi, web pages infer their own address
 url_static => 'http://s.vndb.org',
 skin_default => 'angel',
- global_salt => 'any-private-string-here',
- form_salt => 'a-different-private-string-here',
+ form_salt => 'a-private-string-here',
 scrypt_args => [ 65536, 8, 1 ], # N, r, p
 scrypt_salt => 'another-random-string',
 regen_static => 0,
diff --git a/lib/Multi/API.pm b/lib/Multi/API.pm
index f75ea4f9..1ed62682 100644
--- a/lib/Multi/API.pm
+++ b/lib/Multi/API.pm
@@ -11,7 +11,6 @@ use Multi::Core;
 use AnyEvent::Socket;
 use AnyEvent::Handle;
 use POE::Filter::VNDBAPI 'encode_filters';
-use Digest::SHA 'sha256';
 use Encode 'encode_utf8', 'decode_utf8';
 use Crypt::ScryptKDF 'scrypt_raw';;
 use VNDBUtil 'normalize_query', 'norm_ip';
@@ -277,10 +276,7 @@ sub login_verify {
 my $uid = $res->value(0,0);
 my $accepted = 0;
- if(length $passwd == 41) { # Old sha256
- my $salt = substr $passwd, 0, 9;
- $accepted = sha256($VNDB::S{global_salt}.encode_utf8($arg->{password}).$salt) eq substr $passwd, 9;
- } elsif(length $passwd == 46) { # New scrypt
+ if(length $passwd == 46) { # scrypt
 my($N, $r, $p, $salt, $hash) = unpack 'NCCa8a*', $passwd;
 $accepted = $hash eq scrypt_raw($arg->{password}, $VNDB::S{scrypt_salt} . $salt, $N, $r, $p, 32);
 } else {
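Review bot: The stored scrypt hash is still compared with `eq` in the surviving branch of login_verify (`$accepted = $hash eq scrypt_raw(...)`), and _authCheck in lib/VNDB/Util/Auth.pm does the same with `ne`; a plain string comparison can stop at the first differing byte, so its duration depends on how much of the hash matches. The secret `scrypt_salt` makes that hard to use in practice, but since this is now the only verification path, a comparison that always touches every byte is cheap to add, e.g. `my $x = $hash ^ scrypt_raw(...);` followed by `$accepted = length($hash) == 32 && !($x =~ tr/\0//c);`. login_verify starts and ends outside the hunk, so the `else` branch that will now receive the emptied `passwd` values is not visible here and should be confirmed to reject them.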
diff --git a/lib/VNDB/Util/Auth.pm b/lib/VNDB/Util/Auth.pm
index a1c6cf08..0c3b5b73 100644
--- a/lib/VNDB/Util/Auth.pm
+++ b/lib/VNDB/Util/Auth.pm
@@ -5,7 +5,7 @@ package VNDB::Util::Auth;
 use strict;
 use warnings;
 use Exporter 'import';
-use Digest::SHA qw|sha1 sha1_hex sha256|;
+use Digest::SHA qw|sha1 sha1_hex|;
 use Crypt::URandom 'urandom';
 use Crypt::ScryptKDF 'scrypt_raw';
 use Encode 'encode_utf8';
@@ -112,16 +112,7 @@ sub _authCheck {
 my $d = $self->dbUserGet(username => $user, what => 'extended notifycount')->[0];
 return 0 if !$d->{id};
- # Old-style hashes
- if(length $d->{passwd} == 41) {
- return 0 if _authPreparePassSha256($self, $pass, substr $d->{passwd}, 0, 9) ne $d->{passwd};
- $self->{_auth} = $d;
- # Update database with new hash format, now that we have the plain text password
- $self->dbUserEdit($d->{id}, passwd => $self->authPreparePass($pass));
- return 1;
- }
-
- # New scrypt hashes
+ # scrypt format
 if(length $d->{passwd} == 46) {
 my($N, $r, $p, $salt) = unpack 'NCCa8', $d->{passwd};
 return 0 if $self->authPreparePass($pass, $salt, $N, $r, $p) ne $d->{passwd};
@@ -144,16 +135,6 @@ sub authPreparePass {
 }
-# Same as authPreparePass, but for the old sha256 hash.
-# Arguments: pass, optionally salt
-# Returns: encrypted password (as a binary string)
-sub _authPreparePassSha256 {
- my($self, $pass, $salt) = @_;
- $salt ||= encode_utf8(randomascii(9));
- return $salt.sha256($self->{global_salt} . encode_utf8($pass) . $salt);
-}
-
-
 # Generates a random token that can be used to reset the password.
 # Returns: token (hex string), token-encrypted (binary string)
 sub authPrepareReset {
diff --git a/util/sql/schema.sql b/util/sql/schema.sql
index 9f78cf51..ffc20cc2 100644
--- a/util/sql/schema.sql
+++ b/util/sql/schema.sql
@@ -551,9 +551,6 @@ CREATE TABLE users (
 -- First 9 bytes: salt (ASCII)
 -- Latter 20 bytes: sha1(hex(token) + salt)
 -- 'token' is a sha1 digest obtained from random data.
- -- * 41 bytes: sha256 password
- -- First 9 bytes: salt (ASCII)
- -- Latter 32 bytes: sha256(global_salt + password + salt)
 -- * 46 bytes: scrypt password
 -- 4 bytes: N (big endian)
 -- 1 byte: r
diff --git a/util/updates/update_2.26.sql b/util/updates/update_2.26.sql
index 5d1c403f..04534b98 100644
--- a/util/updates/update_2.26.sql
+++ b/util/updates/update_2.26.sql
@@ -1,2 +1,5 @@
 -- No more 'staffedit' permission flag
 UPDATE users SET perm = (perm & ~8);
+
+-- Removed support for sha256-hashed passwords
+UPDATE users SET passwd = '' WHERE length(passwd) = 41; |
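Review bot: The new UPDATE in util/updates/update_2.26.sql is irreversible, and its comment does not say what happens to the affected accounts; something like `-- Irreversible: these accounts can only log in again after a password reset.` would record that for whoever runs the script. The statement clears the live `users` table only, so any dumps or backups taken before this update presumably still hold the sha256 hashes and need the same clean-up or restricted access. It would also help to state in the comment that the empty value is intentional and relies on the login code rejecting any `passwd` whose length is not a documented format.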