From 5fe27abec31267a2b18143b52ae312eb9569f37b Mon Sep 17 00:00:00 2001 From: "ed@djsu.me" Date: Mon, 7 Mar 2016 00:28:47 -0500 Subject: [PATCH] Changed password hashing method to bcrypt --- main.go | 2 +- rosella.go | 2 +- server.go | 11 ++++------- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/main.go b/main.go index 05171a8..5557adb 100644 --- a/main.go +++ b/main.go @@ -49,7 +49,7 @@ func main() { fields := strings.Fields(line) if len(fields) == 2 { - server.operatorMap[fields[0]] = fields[1] + server.operatorMap[fields[0]] = []byte(fields[1]) } } } diff --git a/rosella.go b/rosella.go index a9c5d9e..5e5bec1 100644 --- a/rosella.go +++ b/rosella.go @@ -12,7 +12,7 @@ type Server struct { name string clientMap map[string]*Client //Map of nicks → clients channelMap map[string]*Channel //Map of channel names → channels - operatorMap map[string]string //Map of usernames → SHA1 hashed passwords + operatorMap map[string][]byte //Map of usernames → bcrypt hashed passwords motd string } diff --git a/server.go b/server.go index 0944b77..f91d4f9 100644 --- a/server.go +++ b/server.go @@ -1,9 +1,8 @@ package main import ( - "crypto/sha1" "fmt" - "io" + "golang.org/x/crypto/bcrypt" "log" "net" "regexp" @@ -20,7 +19,7 @@ func NewServer() *Server { name: "rosella", clientMap: make(map[string]*Client), channelMap: make(map[string]*Channel), - operatorMap: make(map[string]string), + operatorMap: make(map[string][]byte), motd: "Welcome to IRC. Powered by Rosella."} } @@ -315,10 +314,8 @@ func (s *Server) handleCommand(client *Client, command string, args []string) { password := args[1] if hashedPassword, exists := s.operatorMap[username]; exists { - h := sha1.New() - io.WriteString(h, password) - pass := fmt.Sprintf("%x", h.Sum(nil)) - if hashedPassword == pass { + //nil means the passwords matched + if err := bcrypt.CompareHashAndPassword(hashedPassword, []byte(password)); err == nil { client.operator = true client.reply(rplOper) return