The big Anavrins security update (round 1)
This commit is contained in:
kepler155c@gmail.com
@@ -1,7 +1,6 @@
|
||||
local Ansi = require('ansi')
|
||||
local Config = require('config')
|
||||
local Security = require('security')
|
||||
local SHA1 = require('sha1')
|
||||
local SHA2 = require('crypto.sha2')
|
||||
local UI = require('ui')
|
||||
|
||||
local colors = _G.colors
|
||||
@@ -108,7 +107,7 @@ end
|
||||
|
||||
function page.wizard.pages.password:validate()
|
||||
if #self.newPass.value > 0 then
|
||||
Security.updatePassword(SHA1.sha1(self.newPass.value))
|
||||
Security.updatePassword(SHA2.digest(self.newPass.value):toHex())
|
||||
end
|
||||
--[[
|
||||
if #self.group.value > 0 then
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
local Crypto = require('crypto')
|
||||
local Crypto = require('crypto.chacha20')
|
||||
local Event = require('event')
|
||||
local Security = require('security')
|
||||
local Socket = require('socket')
|
||||
@@ -14,7 +14,7 @@ local function trustConnection(socket)
|
||||
data = Crypto.decrypt(data, password)
|
||||
if data and data.pk and data.dh == socket.dhost then
|
||||
local trustList = Util.readTable('usr/.known_hosts') or { }
|
||||
trustList[data.dh] = data.pk
|
||||
trustList[data.dh] = Util.byteArrayToHex(data.pk)
|
||||
Util.writeTable('usr/.known_hosts', trustList)
|
||||
|
||||
socket:write({ success = true, msg = 'Trust accepted' })
|
||||
@@ -26,8 +26,8 @@ local function trustConnection(socket)
|
||||
end
|
||||
|
||||
Event.addRoutine(function()
|
||||
|
||||
print('trust: listening on port 19')
|
||||
|
||||
while true do
|
||||
local socket = Socket.server(19)
|
||||
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
local Security = require('security')
|
||||
local SHA1 = require('sha1')
|
||||
local SHA2 = require('crypto.sha2')
|
||||
local Terminal = require('terminal')
|
||||
|
||||
local password = Terminal.readPassword('Enter new password: ')
|
||||
|
||||
if password then
|
||||
Security.updatePassword(SHA1.sha1(password))
|
||||
Security.updatePassword(SHA2.digest(password):toHex())
|
||||
print('Password updated')
|
||||
end
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
local Security = require('security')
|
||||
local SHA1 = require('sha1')
|
||||
local SHA2 = require('crypto.sha2')
|
||||
local UI = require('ui')
|
||||
|
||||
local colors = _G.colors
|
||||
@@ -40,11 +40,11 @@ function passwordTab:eventHandler(event)
|
||||
if #self.newPass.value == 0 then
|
||||
self:emit({ type = 'error_message', message = 'Invalid password' })
|
||||
|
||||
elseif Security.getPassword() and not Security.verifyPassword(SHA1.sha1(self.oldPass.value)) then
|
||||
elseif Security.getPassword() and not Security.verifyPassword(SHA2.digest(self.oldPass.value):toHex()) then
|
||||
self:emit({ type = 'error_message', message = 'Passwords do not match' })
|
||||
|
||||
else
|
||||
Security.updatePassword(SHA1.sha1(self.newPass.value))
|
||||
Security.updatePassword(SHA2.digest(self.newPass.value):toHex())
|
||||
self.oldPass.inactive = false
|
||||
self:emit({ type = 'success_message', message = 'Password updated' })
|
||||
end
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
local Crypto = require('crypto')
|
||||
local Crypto = require('crypto.chacha20')
|
||||
local Security = require('security')
|
||||
local SHA1 = require('sha1')
|
||||
local SHA2 = require('crypto.sha2')
|
||||
local Socket = require('socket')
|
||||
local Terminal = require('terminal')
|
||||
|
||||
@@ -35,7 +35,7 @@ end
|
||||
|
||||
local publicKey = Security.getPublicKey()
|
||||
|
||||
socket:write(Crypto.encrypt({ pk = publicKey, dh = os.getComputerID() }, SHA1.sha1(password)))
|
||||
socket:write(Crypto.encrypt({ pk = publicKey, dh = os.getComputerID() }, SHA2.digest(password):toHex()))
|
||||
|
||||
local data = socket:read(2)
|
||||
socket:close()
|
||||
|
||||
Reference in New Issue
Block a user