diff options
| author | Mike Blumenkrantz <zmike@osg.samsung.com> | 2014-09-05 15:04:10 -0400 |
|---|---|---|
| committer | Mike Blumenkrantz <zmike@osg.samsung.com> | 2014-09-05 15:05:58 -0400 |
| commit | 0e19d32806e321dcaf9022d3fd5cb97fc00a3245 (patch) | |
| tree | 79be04637b6f54320958a84f8dd1dbea6e309a1b | |
| parent | 721dfe82c2edeb42db01fddd0f6f500e59eb7a7a (diff) | |
| download | enlightenment-0e19d32806e321dcaf9022d3fd5cb97fc00a3245.tar.gz | |
use e_auth hash function instead of eina hash for passwords
users should keep in mind that this is not the fort knox of password storage, and someone who copies your config file could rainbow table a short password stored with this hash very easily. at some point in the future, if someone has the interest and time, perhaps this can be improved
fix T1627
| -rw-r--r-- | src/modules/conf_display/e_int_config_desklock.c | 8 | ||||
| -rw-r--r-- | src/modules/lokker/lokker.c | 4 |
2 files changed, 6 insertions, 6 deletions
diff --git a/src/modules/conf_display/e_int_config_desklock.c b/src/modules/conf_display/e_int_config_desklock.c index 2a9a071de4..880e0189f6 100644 --- a/src/modules/conf_display/e_int_config_desklock.c +++ b/src/modules/conf_display/e_int_config_desklock.c @@ -435,7 +435,7 @@ _basic_apply(E_Config_Dialog *cfd __UNUSED__, E_Config_Dialog_Data *cfdata) if (e_config->desklock_auth_method == E_DESKLOCK_AUTH_METHOD_PERSONAL) { e_config->desklock_passwd = - eina_hash_djb2(cfdata->desklock_personal_passwd, + e_auth_hash_djb2(cfdata->desklock_personal_passwd, strlen(cfdata->desklock_personal_passwd)); } else if (cfdata->desklock_auth_method == E_DESKLOCK_AUTH_METHOD_PIN) @@ -450,7 +450,7 @@ _basic_apply(E_Config_Dialog *cfd __UNUSED__, E_Config_Dialog_Data *cfdata) if (errno) return 0; //NAN if (pp && pp[0]) return 0; if (test < 1) return 0; - e_config->desklock_pin = eina_hash_djb2(cfdata->pin_str, strlen(cfdata->pin_str)); + e_config->desklock_pin = e_auth_hash_djb2(cfdata->pin_str, strlen(cfdata->pin_str)); } else /* dumb, but let them do what they want... */ @@ -533,14 +533,14 @@ _basic_check_changed(E_Config_Dialog *cfd __UNUSED__, E_Config_Dialog_Data *cfda if (e_config->desklock_auth_method == E_DESKLOCK_AUTH_METHOD_PERSONAL) { if (e_config->desklock_passwd != - eina_hash_djb2(cfdata->desklock_personal_passwd, + e_auth_hash_djb2(cfdata->desklock_personal_passwd, strlen(cfdata->desklock_personal_passwd))) return 1; } if (e_config->desklock_auth_method == E_DESKLOCK_AUTH_METHOD_PIN) { if (e_config->desklock_pin != - eina_hash_djb2(cfdata->pin_str, + e_auth_hash_djb2(cfdata->pin_str, strlen(cfdata->pin_str))) return 1; } diff --git a/src/modules/lokker/lokker.c b/src/modules/lokker/lokker.c index 47281d5227..15c6e14086 100644 --- a/src/modules/lokker/lokker.c +++ b/src/modules/lokker/lokker.c @@ -642,7 +642,7 @@ _lokker_check_auth(void) else if (e_desklock_is_personal()) { if ((e_config->desklock_passwd) && (edd->passwd && edd->passwd[0]) && - (e_config->desklock_passwd == eina_hash_djb2(edd->passwd, strlen(edd->passwd)))) + (e_config->desklock_passwd == e_auth_hash_djb2(edd->passwd, strlen(edd->passwd)))) { /* password ok */ /* security - null out passwd string once we are done with it */ @@ -655,7 +655,7 @@ _lokker_check_auth(void) { if (edd->passwd[0]) { - if (eina_hash_djb2(edd->passwd, strlen(edd->passwd)) == + if (e_auth_hash_djb2(edd->passwd, strlen(edd->passwd)) == e_config->desklock_pin) { _lokker_null(); |