Replace SHA256 password hashing with bcrypt, fix file permissions #462
Merged
Volte6 merged 1 commit into GoMudEngine:master from Apr 6, 2026
- Replace unsalted SHA256 with bcrypt (DefaultCost) in SetPassword
- Remove plaintext password fallback from PasswordMatches
- Remove hash-of-hash bypass from PasswordMatches
- Add SHA256-to-bcrypt migration: old hashes still work on login and are automatically re-hashed to bcrypt
- Fix user file permissions from 0777 to 0600
- Add 8 tests covering bcrypt, migration, and removed attack vectors

Fixes #2

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Volte6 approved these changes Apr 6, 2026
pruuk added a commit to pruuk/DOGMud that referenced this pull request Apr 16, 2026

Ported from upstream GoMud GoMudEngine#462. Passwords now use bcrypt with automatic migration — existing SHA256 hashes re-hash on next login. Plaintext and hash-of-hash fallbacks removed. User files written with 0600 permissions instead of 0777.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
pruuk added a commit to pruuk/DOGMud that referenced this pull request Apr 16, 2026

Port of GoMud GoMudEngine#462 by Sarah Murphy (sarahmaeve) — replaces unsalted SHA256 with bcrypt, removes plaintext/hash-of-hash bypasses, fixes file permissions (0777→0600). Existing users migrate transparently on next login.

Original PR: GoMudEngine#462

Co-Authored-By: Sarah Murphy <sarahmaeve@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
pruuk added a commit to pruuk/DOGMud that referenced this pull request Apr 16, 2026
…crypt
- Block targeting any companion (not just your own)
- Sweep dead mobs every combat round (fixes minutes-long downed state)
- Fix buff YAML text tokens ({sourcename} → {source})
- Bcrypt password hashing (upstream GoMud GoMudEngine#462)
- Go 1.25 Dockerfile for x/crypto compatibility
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
arinbb pushed a commit to arinbb/GoMud that referenced this pull request Apr 17, 2026
…MudEngine#462)

## Summary

Replaces unsalted SHA256 password hashing with bcrypt and fixes several related security issues.

## Problems Fixed

1. Passwords stored as unsalted SHA256 — vulnerable to rainbow table attacks
2. Plaintext password fallback in PasswordMatches — allows bypass if YAML file is edited
3. Hash-of-hash bypass — attacker with file access can compute SHA256 of stored hash to log in
4. User files written with 0777 permissions — password hashes world-readable

## Changes

- **SetPassword**: Uses bcrypt.GenerateFromPassword with DefaultCost
- **PasswordMatches**: bcrypt as primary path, SHA256 migration with automatic re-hash on successful login, plaintext and hash-of-hash fallbacks removed
- **SaveUser**: File permissions 0777 -> 0600
- util.Hash is unchanged (used elsewhere in the codebase)

## Migration

Existing users with SHA256 hashes will authenticate normally on their next login. Their password is automatically re-hashed to bcrypt transparently — no user action required.

## Tests

8 new tests covering: bcrypt storage format, correct/wrong password, no plaintext fallback, no hash-of-hash bypass, SHA256 migration + automatic re-hash, post-migration login, unique salts per user.
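An added example, not code from this PR, on the 0777 to 0600 change: Go's `os.WriteFile` applies its mode only when it creates the file, so user files already on disk as 0777 keep that mode when they are rewritten. `saveUserFile` and `looseUserFiles` are hypothetical helpers showing an explicit chmod on save and an audit for files that are still group- or world-accessible.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// saveUserFile writes a user record readable by its owner only.
// os.WriteFile applies the mode only when it creates the file; a file that
// already exists as 0777 keeps that mode, so the explicit Chmod is required.
func saveUserFile(path string, data []byte) error {
	if err := os.WriteFile(path, data, 0o600); err != nil {
		return err
	}
	return os.Chmod(path, 0o600)
}

// looseUserFiles returns regular files under dir that grant any group or
// other permission bit (mode & 0o077 != 0), e.g. files saved before the fix.
func looseUserFiles(dir string) ([]string, error) {
	var loose []string
	err := filepath.WalkDir(dir, func(p string, d fs.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() {
			return err
		}
		info, err := d.Info()
		if err != nil {
			return err
		}
		if info.Mode().Perm()&0o077 != 0 {
			loose = append(loose, p)
		}
		return nil
	})
	return loose, err
}

func main() {
	// Audit the current directory; point this at the user data directory.
	loose, err := looseUserFiles(".")
	fmt.Println(loose, err)
}
```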