forgejo/modules
Gusted 623c93ff46
Increase Salt randomness ()
- The current implementation of `RandomString` doesn't give you a most-possible unique randomness. It gives you 6*`length` instead of the possible 8*`length` bits (or as `length`x bytes) randomness. This is because `RandomString` is being limited to a max value of 63, this in order to represent the random byte as a letter/digit.
- The recommendation of pbkdf2 is to use 64+ bit salt, which the `RandomString` doesn't give with a length of 10. Instead of increasing 10 to a higher number, this patch adds a new function called `RandomBytes` which does give you the guarantee of 8*`length` randomness and thus corresponding of `length`x bytes randomness.
- Use hexadecimal to store the bytes value in the database, as mentioned, it doesn't play nice in order to convert it to a string. This will always be a length of 32 (with `length` being 16).
- When we detect on `Authenticate` (source: db) that a user has the old format of salt, re-hash the password such that the user will have its password hashed with increased salt.

Thanks to @zeripath for working out the rough edges from my first commit 😄.

Co-authored-by: lafriks <lauris@nix.lv>
Co-authored-by: zeripath <art27@cantab.net>
2022-01-04 15:13:52 +00:00
..
activitypub Create pub/priv keypair for federation () 2021-09-28 15:19:22 -04:00
analyze Use git attributes to determine generated and vendored status for language stats and diffs () 2021-09-09 21:13:36 +01:00
appstate Decouple unit test code from business code () 2021-11-12 22:36:47 +08:00
auth Add bundle download for repository () 2021-08-24 11:47:09 -05:00
avatar Simplify parameter types () 2021-12-20 04:41:31 +00:00
base Simplify parameter types () 2021-12-20 04:41:31 +00:00
cache Test cache during init () 2021-12-06 00:24:57 +08:00
charset Simplify parameter types () 2021-12-20 04:41:31 +00:00
context Refactor auth package () 2022-01-02 21:12:35 +08:00
convert Refactor auth package () 2022-01-02 21:12:35 +08:00
csv Unify and simplify TrN for i18n () 2022-01-02 04:33:57 +01:00
doctor Quote references to the user table in consistency checks () 2021-12-22 23:52:57 +00:00
emoji Run processors on whole of text () 2021-06-17 11:35:05 +01:00
eventsource Simplify parameter types () 2021-12-20 04:41:31 +00:00
generate switch to maintained lib () 2021-07-24 13:00:41 +02:00
git Do not read or write git reference files directly () 2021-12-23 21:44:00 +08:00
gitgraph Simplify parameter types () 2021-12-20 04:41:31 +00:00
graceful Make SSL cipher suite configurable () 2021-11-20 01:12:43 -05:00
hcaptcha hCaptcha Support () 2020-10-02 23:37:53 -04:00
highlight Add .gitattribute assisted language detection to blame, diff and render () 2021-11-17 20:37:00 +00:00
hostmatcher Simplify parameter types () 2021-12-20 04:41:31 +00:00
httpcache Use a variable but a function for IsProd because of a slight performance increment () 2021-10-20 16:37:19 +02:00
httplib refactor: move from io/ioutil to io and os package () 2021-09-22 13:38:34 +08:00
indexer Upgrade bleve from v2.0.6 to v2.3.0 () 2022-01-01 16:26:27 +08:00
json Move repository model into models/repo () 2021-12-10 09:27:50 +08:00
lfs Use hostmatcher to replace matchlist, improve security () 2021-11-20 17:34:05 +08:00
log Simplify parameter types () 2021-12-20 04:41:31 +00:00
markup Simplify parameter types () 2021-12-20 04:41:31 +00:00
metrics Refactor auth package () 2022-01-02 21:12:35 +08:00
migration Use fmt.Sprintf correctly () 2021-12-02 20:36:50 +01:00
nosql Remove unnecessary variable assignments () 2021-11-18 09:33:06 +08:00
notification Simplify parameter types () 2021-12-20 04:41:31 +00:00
options refactor: move from io/ioutil to io and os package () 2021-09-22 13:38:34 +08:00
password Fixed assert statements. () 2021-06-07 07:27:09 +02:00
pprof refactor: move from io/ioutil to io and os package () 2021-09-22 13:38:34 +08:00
private Move keys to models/asymkey () 2021-12-10 16:14:24 +08:00
process Make Requests Processes and create process hierarchy. Associate OpenRepository with context. () 2021-11-30 20:06:32 +00:00
proxy Return nil proxy function if proxy not enabled () 2021-08-19 16:41:20 -04:00
public refactor: move from io/ioutil to io and os package () 2021-09-22 13:38:34 +08:00
queue Prevent deadlock in TestPersistableChannelQueue () 2021-11-19 01:13:25 +00:00
recaptcha refactor: move from io/ioutil to io and os package () 2021-09-22 13:38:34 +08:00
references Add API to get issue/pull comments and events (timeline) () 2022-01-01 22:12:25 +08:00
repository Make AvatarRenderedSizeFactor configurable and set it to 3 () 2021-12-16 10:18:38 +08:00
secret Simplify parameter types () 2021-12-20 04:41:31 +00:00
session Refactor auth package () 2022-01-02 21:12:35 +08:00
setting Add MP4 as default allowed attachment type () 2022-01-04 04:36:47 +01:00
ssh Simplify parameter types () 2021-12-20 04:41:31 +00:00
storage refactor: move from io/ioutil to io and os package () 2021-09-22 13:38:34 +08:00
structs Add API to get issue/pull comments and events (timeline) () 2022-01-01 22:12:25 +08:00
svg refactor: move from io/ioutil to io and os package () 2021-09-22 13:38:34 +08:00
sync Fix missing unlock in uniquequeue () 2020-01-15 23:58:33 +02:00
templates Unify and simplify TrN for i18n () 2022-01-02 04:33:57 +01:00
test Unify and simplify TrN for i18n () 2022-01-02 04:33:57 +01:00
timeutil Allow mocking timeutil () 2021-10-18 21:12:26 +01:00
translation Unify and simplify TrN for i18n () 2022-01-02 04:33:57 +01:00
typesniffer Read expected buffer size () 2021-10-24 22:12:43 +01:00
updatechecker Use JSON module instead of stdlib json () 2021-12-17 09:15:02 +08:00
upload Simplify parameter types () 2021-12-20 04:41:31 +00:00
uri Prevent NPE if gitea uploader fails to open url () 2021-12-23 16:27:33 +00:00
user Add gitea-vet () 2020-04-05 07:20:50 +01:00
util Increase Salt randomness () 2022-01-04 15:13:52 +00:00
validation Upgrade chi to v5 () 2021-10-13 22:50:23 -04:00
web Simplify parameter types () 2021-12-20 04:41:31 +00:00