projects
/
mudpy.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Secure, extensible, forward-compatable passwords.
[mudpy.git]
/
lib
/
mudpy
/
misc.py
diff --git
a/lib/mudpy/misc.py
b/lib/mudpy/misc.py
index
3b11a12
..
609e155
100644
(file)
--- a/
lib/mudpy/misc.py
+++ b/
lib/mudpy/misc.py
@@
-1783,17
+1783,13
@@
def handler_entering_account_name(user):
def handler_checking_password(user):
u"""Handle the login account password."""
def handler_checking_password(user):
u"""Handle the login account password."""
- import
md5
+ import
password
# get the next waiting line of input
input_data = user.input_queue.pop(0)
# does the hashed input equal the stored hash?
# get the next waiting line of input
input_data = user.input_queue.pop(0)
# does the hashed input equal the stored hash?
- if unicode(
- md5.new(
- ( user.account.get(u"name") + input_data ).encode(u"utf-8")
- ).hexdigest()
- ) == user.account.get(u"passhash"):
+ if password.verify( input_data, user.account.get(u"passhash") ):
# if so, set the username and load from cold storage
if not user.replace_old_connections():
# if so, set the username and load from cold storage
if not user.replace_old_connections():
@@
-1820,7
+1816,7
@@
def handler_checking_password(user):
def handler_entering_new_password(user):
u"""Handle a new password entry."""
def handler_entering_new_password(user):
u"""Handle a new password entry."""
- import
md5
+ import
password
# get the next waiting line of input
input_data = user.input_queue.pop(0)
# get the next waiting line of input
input_data = user.input_queue.pop(0)
@@
-1836,14
+1832,7
@@
def handler_entering_new_password(user):
):
# hash and store it, then move on to verification
):
# hash and store it, then move on to verification
- user.account.set(
- u"passhash",
- unicode(
- md5.new(
- ( user.account.get(u"name") + input_data ).encode(u"utf-8")
- ).hexdigest()
- )
- )
+ user.account.set( u"passhash", password.create(input_data) )
user.state = u"verifying_new_password"
# the password was weak, try again if you haven't tried too many times
user.state = u"verifying_new_password"
# the password was weak, try again if you haven't tried too many times
@@
-1867,17
+1856,13
@@
def handler_entering_new_password(user):
def handler_verifying_new_password(user):
u"""Handle the re-entered new password for verification."""
def handler_verifying_new_password(user):
u"""Handle the re-entered new password for verification."""
- import
md5
+ import
password
# get the next waiting line of input
input_data = user.input_queue.pop(0)
# hash the input and match it to storage
# get the next waiting line of input
input_data = user.input_queue.pop(0)
# hash the input and match it to storage
- if unicode(
- md5.new(
- ( user.account.get(u"name") + input_data ).encode(u"utf-8")
- ).hexdigest()
- ) == user.account.get(u"passhash"):
+ if password.verify( input_data, user.account.get(u"passhash") ):
user.authenticate()
# the hashes matched, so go active
user.authenticate()
# the hashes matched, so go active