From 349cf0e936610be828f6833442e8e23a147a2065 Mon Sep 17 00:00:00 2001
From: SimonTannert
Date: Mon, 20 Jan 2020 15:36:15 +0100
Subject: [PATCH] adding salt to user passwords
---
 auth.py | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/auth.py b/auth.py
index 576f974..e352317 100644
--- a/auth.py
+++ b/auth.py
@@ -1,3 +1,4 @@
+import random
 import getpass
 import pickle
 import sys
@@ -5,16 +6,21 @@ def get_credentials():
 username = input('Enter your username: ')
 password = getpass.getpass('Enter your password: ')
- return username, hash_string(password)
+ return username, password
-def hash_string(inputstring):
+def hash_string(inputstring, salt=None):
+ if salt is None:
+ salt = "".join(random.choice("1234567890qwertyuiopasdfghjklzxcvbnm") for _ in range(16))
 # hash the string
- hashed_password = sum(ord(char) for char in inputstring)
- return hashed_password
+ hashed_password = sum(ord(char) for char in salt+inputstring)
+ return salt, hashed_password
 def authenticate(username, password, pwdb):
 if username in pwdb:
- if password == pwdb[username]:
+ salt, hashed_password = pwdb[username]
+ _, new_hashed_password = hash_string(password, salt)
+ if new_hashed_password == hashed_password:
 return True
 return False
@@ -28,7 +34,7 @@ def write_pwdb(pwdb, pwdb_file):
 pickle.dump(pwdb, pwdb_file)
 def add_user(username, password, pwdb):
- pwdb[username] = password
+ pwdb[username] = hash_string(password)
 return pwdb
 if __name__ == '__main__':
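Review bot: The salt adds no protection at `hashed_password = sum(ord(char) for char in salt+inputstring)`, because a character sum is linear: the stored value is simply sum(salt) + sum(password), the salt is kept in clear next to it, so the password's stored digest is exactly as weak as before this commit and any string with the same character total still verifies in authenticate. The salt itself comes from `random.choice`, which is not a cryptographically secure generator; the `secrets` module is the stdlib source for this. hash_string should use a password-hashing KDF such as `hashlib.pbkdf2_hmac` (both `secrets` and `hashlib` are stdlib and would need to be added to the import block in the first hunk), keeping the `(salt, hash)` return shape so authenticate and add_user keep working, and the comparison in authenticate should become `if hmac.compare_digest(new_hashed_password, hashed_password):` (again an stdlib import). The rewrite below covers hash_string only; get_credentials and authenticate in this hunk are otherwise unchanged.
```python
def hash_string(inputstring, salt=None):
    """Return (salt, hex digest) for inputstring; a fresh salt is generated when none is given."""
    # random.choice is predictable; the salt must come from a CSPRNG
    if salt is None:
        salt = secrets.token_hex(16)
    # slow, salted key derivation instead of an order-insensitive character sum
    hashed_password = hashlib.pbkdf2_hmac(
        "sha256", inputstring.encode("utf-8"), salt.encode("utf-8"), 200_000
    ).hex()
    return salt, hashed_password
# … unchanged: authenticate, apart from the compare_digest line quoted above …
```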
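Review bot: `pwdb[username] = hash_string(password)` changes the stored entry from a bare int to a `(salt, hash)` tuple, but nothing migrates databases pickled before this commit; for such an entry, authenticate's `salt, hashed_password = pwdb[username]` in the previous hunk raises TypeError instead of returning False. Either reject legacy entries explicitly before the unpack, e.g. `if not isinstance(pwdb[username], tuple): return False`, or document that existing pwdb files must be regenerated after this change. A short docstring on add_user stating that the stored value is the `(salt, hash)` pair returned by hash_string would also help readers of write_pwdb, whose body starts outside this hunk.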