/synapse

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Follow up to adding password pepper #910

Merged
merged 2 commits into from Jul 6, 2016

Conversation

Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@KentShikama @matrixbot @erikjohnston
@KentShikama
Contributor

KentShikama commented Jul 6, 2016

Ran using config with bcrypt rounds 10 and pepper "hello" with password "random"

(env)kents-air:synapse kent$ python scripts/hash_password -c demo/etc/8080.config
Password: 
Confirm password: 
$2a$10$f3O5aysDic74GSqKjljtsO1dTzVaLmsAXwVW1DjG7N6EHFtT.qzxa

Tested with

import bcrypt

stored_hash = "$2a$10$f3O5aysDic74GSqKjljtsO1dTzVaLmsAXwVW1DjG7N6EHFtT.qzxa"
print(bcrypt.hashpw("randomhello".encode('utf-8'), stored_hash.encode('utf-8')) == stored_hash.encode('utf-8')) # prints True

Ran without passing in config with password "random"

(env)kents-air:synapse kent$ python scripts/hash_password 
Password: 
Confirm password: 
$2a$12$6WzQnYQoglWXtewHCGhEqOxYry7vRgPkUeO7NrHMc9iW.lj39xwGi

Tested with

import bcrypt

stored_hash = "$2a$12$6WzQnYQoglWXtewHCGhEqOxYry7vRgPkUeO7NrHMc9iW.lj39xwGi"
print(bcrypt.hashpw("random".encode('utf-8'), stored_hash.encode('utf-8')) == stored_hash.encode('utf-8')) # prints True

Ran with non-existing config

(env)kents-air:synapse kent$ python scripts/hash_password -c diaspora.config
usage: hash_password [-h] [-p PASSWORD] [-c CONFIG]
hash_password: error: argument -c/--config: can't open 'diaspora.config': [Errno 2] No such file or directory: 'diaspora.config'

Ran with config that didn't contain pepper again with password "random" with bcrypt rounds 10

(env)kents-air:synapse kent$ python scripts/hash_password -c demo/etc/8080.config
Password: 
Confirm password: 
$2a$10$UZFvoKbz2n7LGHag6dC.Su81fGP9SphUTZO4ptde6a8TavBgVhipC

Tested with

import bcrypt

stored_hash = "$2a$10$UZFvoKbz2n7LGHag6dC.Su81fGP9SphUTZO4ptde6a8TavBgVhipC"
print(bcrypt.hashpw("random".encode('utf-8'), stored_hash.encode('utf-8')) == stored_hash.encode('utf-8')) # prints True

KentShikama added some commits Jul 6, 2016

@KentShikama
Update hash_password script 
Signed-off-by: Kent Shikama <kent@kentshikama.com>
This commit was signed with a verified signature.
@KentShikama KentShikama Kent Shikama
GPG key ID: D275958A0FA61427 Learn about signing commits
896bc6c
@KentShikama
Update password config comment 
Signed-off-by: Kent Shikama <kent@kentshikama.com>
This commit was signed with a verified signature.
@KentShikama KentShikama Kent Shikama
GPG key ID: D275958A0FA61427 Learn about signing commits
8d9a884
@matrixbot

matrixbot commented Jul 6, 2016

Can one of the admins verify this patch?
@matrixbot

matrixbot commented Jul 6, 2016

Can one of the admins verify this patch?
@matrixbot

matrixbot commented Jul 6, 2016

Can one of the admins verify this patch?
@matrixbot

matrixbot commented Jul 6, 2016

Can one of the admins verify this patch?
@matrixbot

matrixbot commented Jul 6, 2016

Can one of the admins verify this patch?
@erikjohnston
Owner

erikjohnston commented Jul 6, 2016

Aha, thanks :)

@erikjohnston erikjohnston merged commit 2e3c8ac into matrix-org:develop Jul 6, 2016

@KentShikama KentShikama deleted the KentShikama:hash_password_followup branch Jul 6, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment