-- Leo's gemini proxy
-- Connecting to git.thebackupbox.net:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini
repo: urcd action: commit revision: path_from: revision_from: 353e6718ae5e20a81b6920251d949b43aab1d745: path_to: revision_to:
commit 353e6718ae5e20a81b6920251d949b43aab1d745
Author: root <root@localhost.(none)>
Date: Tue Jul 22 07:14:33 2014 +0000
[CryptoServ] (security) salt passwd with nick to avoid seckey collisions
diff --git a/src/cryptoserv.c b/src/cryptoserv.c
--- a/src/cryptoserv.c
+++ b/src/cryptoserv.c
@@ -206,6 +206,7 @@ main(int argc, char *argv[])
continue;
}close(fd);
crypto_hash_sha512(sk,buffer0+20+9,-20-9+i-1); // hashes everything sans \n
+ crypto_hash_sha512(sk,buffer2+2+12+4+8+32,nicklen); // salt with nick to avoid collisions
crypto_sign_keypair(pk1,sk);
if (memcmp(pk0,pk1,32)) {
memcpy(buffer2+2+12+4+8+32+nicklen+2,"Invalid passwd.\n",16);
@@ -245,6 +246,7 @@ main(int argc, char *argv[])
if ((i>=20+9+1+1)&&(!memcmp("register ",buffer1+20,9))) {
if ((identified) || (time((long *)0)-starttime<128)) goto HELP;
crypto_hash_sha512(sk,buffer0+20+9,-20-9+i-1); // hashes everything sans \n
+ crypto_hash_sha512(sk,buffer2+2+12+4+8+32,nicklen); // salt with nick to avoid collisions
REGISTER:
crypto_sign_keypair(pk0,sk);
bzero(path,512);
@@ -299,6 +301,7 @@ main(int argc, char *argv[])
if ((i>=20+13+1+1)&&(!memcmp("set password ",buffer1+20,13))) {
if (!identified) goto HELP;
crypto_hash_sha512(sk,buffer0+20+13,-20-13+i-1); // hashes everything sans \n
+ crypto_hash_sha512(sk,buffer2+2+12+4+8+32,nicklen); // salt with nick to avoid collisions
goto REGISTER;
}
-----END OF PAGE-----
-- Response ended
-- Page fetched on Sun Jun 2 18:09:43 2024