diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2016-01-08 18:07:19 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2016-02-09 23:43:26 +0100 |
| commit | 3b62459c41fe56db00f2156535b0fe689bb43177 (patch) | |
| tree | f8df57d09978e5aa5faef0e273afc3d6b9c7f627 /apps/encryption | |
| parent | 9bb97c714bb2158fd019ba9efc24a8bc8595b499 (diff) | |
| download | nextcloud-server-3b62459c41fe56db00f2156535b0fe689bb43177.tar.gz nextcloud-server-3b62459c41fe56db00f2156535b0fe689bb43177.zip | |
Use hash with appended "a" of the original password for the authentication
Diffstat (limited to 'apps/encryption')
| -rw-r--r-- | apps/encryption/lib/crypto/crypt.php | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/apps/encryption/lib/crypto/crypt.php b/apps/encryption/lib/crypto/crypt.php index f27f55619af..790541bc07d 100644 --- a/apps/encryption/lib/crypto/crypt.php +++ b/apps/encryption/lib/crypto/crypt.php @@ -475,6 +475,7 @@ class Crypt { * @return string */ private function createSignature($data, $passPhrase) { + $passPhrase = hash('sha512', $passPhrase . 'a', true); $signature = hash_hmac('sha256', $data, $passPhrase); return $signature; } @@ -607,14 +608,14 @@ class Crypt { } /** - * Generate a cryptographically secure pseudo-random base64 encoded 256-bit - * ASCII key, used as file key + * Generate a cryptographically secure pseudo-random 256-bit ASCII key, used + * as file key * * @return string * @throws \Exception */ public function generateFileKey() { - return base64_encode(random_bytes(32)); + return random_bytes(32); } /** |