Commit
fix(verdaccio-htpasswd): generate non-constant legacy 2 byte salt (#357)
* fix(verdaccio-htpasswd): generate non-constant legacy 2 byte salt

  The crypt implementation in use does only support the legacy crypt hashing with a 2 byte salt. Supplying it with a prefixed salt will simply make the given prefix a constant salt value ('$6' with the defaults here).

  Note that the crypt hashing is weak either way, this just further weakens it by essentially removing the extra complexity a random salt provides for the individual entries.

  This change is backwards compatible. Existing entries will retain their constant '$6' salt, new and updated ones will get variable salts.

* fix(verdaccio-htpasswd): supply old password to crypt3 on change

  To generate the proper comparison string, crypt3 needs the salt from the original entry. This previously worked only due to the constant salt. The verifyPassword function already does this correctly.

  Add a test that verifies that the password change works and a different result is returned when a new salt is generated.
1 parent 461e008, commit d522595
Showing 5 changed files with 49 additions and 11 deletions.
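
An added example, not part of this commit or of verdaccio's code: an audit of an htpasswd file for legacy crypt entries that still carry the constant '$6' salt the commit message describes, so their owners can be asked to change passwords and receive a variable salt. The function names are hypothetical, the 13-character layout (2 salt characters plus 11 hash characters) is that of traditional crypt(3), and the sample entries are constructed.

```javascript
const { randomInt } = require('node:crypto');

// Salt alphabet of traditional crypt(3).
const ALPHABET =
  './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
// Traditional crypt output: 2 salt characters followed by 11 hash characters.
const LEGACY = /^(.{2})[./0-9A-Za-z]{11}$/;

// Hypothetical helper: a 2-character salt drawn from a CSPRNG.
function randomLegacySalt() {
  return ALPHABET[randomInt(64)] + ALPHABET[randomInt(64)];
}

// Classify one stored hash by the salt it embeds.
function classify(hash) {
  const m = LEGACY.exec(hash);
  if (!m) return { kind: 'other', salt: null };
  if (m[1] === '$6') return { kind: 'legacy-constant-salt', salt: m[1] };
  const valid = [...m[1]].every((c) => ALPHABET.includes(c));
  return valid ? { kind: 'legacy', salt: m[1] } : { kind: 'other', salt: null };
}

// Return the users whose entry still has the constant salt, plus every salt
// that is shared by more than one legacy entry.
function auditHtpasswd(text) {
  const needsRehash = [];
  const bySalt = new Map();
  for (const line of text.split('\n')) {
    const [user, hash] = line.trim().split(':');
    if (!user || !hash) continue;
    const { kind, salt } = classify(hash);
    if (kind === 'other') continue;
    if (kind === 'legacy-constant-salt') needsRehash.push(user);
    bySalt.set(salt, [...(bySalt.get(salt) || []), user]);
  }
  const sharedSalts = [...bySalt].filter(([, users]) => users.length > 1);
  return { needsRehash, sharedSalts };
}

// Constructed sample: the hash strings are made up, not real crypt output.
const SAMPLE = [
  'alice:$6FMi11BJFsAc:autocreated 2020-01-01T00:00:00.000Z',
  'bob:$6vkdvUjX5zrA',
  'carol:ab1Qz7/cXdE.k',
  'dave:{SHA}constructedPlaceholder=',
].join('\n');

console.log(auditHtpasswd(SAMPLE));
```

Entries reported under `sharedSalts` can be attacked together with a single precomputed table, which is the per-entry protection the commit message says the constant salt removed.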