mirror of https://github.com/go-gitea/gitea synced 2024-11-16 15:01:07 +01:00
gitea/modules
Gusted 623c93ff46
Increase Salt randomness (#18179)
- The current implementation of `RandomString` doesn't give you a most-possible unique randomness. It gives you 6*`length` instead of the possible 8*`length` bits (or as `length`x bytes) randomness. This is because `RandomString` is being limited to a max value of 63, this in order to represent the random byte as a letter/digit.
- The recommendation of pbkdf2 is to use 64+ bit salt, which the `RandomString` doesn't give with a length of 10, instead of increasing 10 to a higher number, this patch adds a new function called `RandomBytes` which does give you the guarantee of 8*`length` randomness and thus corresponding of `length`x bytes randomness.
- Use hexadecimal to store the bytes value in the database, as mentioned, it doesn't play nice in order to convert it to a string. This will always be a length of 32 (with `length` being 16).
- When we detect on `Authenticate` (source: db) that a user has the old format of salt, re-hash the password such that the user will have its password hashed with increased salt.

Thanks to @zeripath for working out the rough edges from my first commit 😄.

Co-authored-by: lafriks <lauris@nix.lv>
Co-authored-by: zeripath <art27@cantab.net>
2022-01-04 15:13:52 +00:00
activitypub Create pub/priv keypair for federation (#17071) 2021-09-28 15:19:22 -04:00
analyze Use git attributes to determine generated and vendored status for language stats and diffs (#16773) 2021-09-09 21:13:36 +01:00
appstate Decouple unit test code from business code (#17623) 2021-11-12 22:36:47 +08:00
auth Add bundle download for repository (#14538) 2021-08-24 11:47:09 -05:00
avatar Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
base Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
cache Test cache during init (#17852) 2021-12-06 00:24:57 +08:00
charset Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
context Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
convert Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
csv Unify and simplify TrN for i18n (#18141) 2022-01-02 04:33:57 +01:00
doctor Quote references to the user table in consistency checks (#18072) 2021-12-22 23:52:57 +00:00
emoji Run processors on whole of text (#16155) 2021-06-17 11:35:05 +01:00
eventsource Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
generate switch to maintained lib (#16532) 2021-07-24 13:00:41 +02:00
git Do not read or write git reference files directly (#18079) 2021-12-23 21:44:00 +08:00
gitgraph Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
graceful Make SSL cipher suite configurable (#17440) 2021-11-20 01:12:43 -05:00
hcaptcha hCaptcha Support (#12594) 2020-10-02 23:37:53 -04:00
highlight Add .gitattribute assisted language detection to blame, diff and render (#17590) 2021-11-17 20:37:00 +00:00
hostmatcher Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
httpcache Use a variable but a function for IsProd because of a slight performance increment (#17368) 2021-10-20 16:37:19 +02:00
httplib refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
indexer Upgrade bleve from v2.0.6 to v2.3.0 (#18132) 2022-01-01 16:26:27 +08:00
json Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
lfs Use hostmatcher to replace matchlist, improve security (#17605) 2021-11-20 17:34:05 +08:00
log Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
markup Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
metrics Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
migration Use fmt.Sprintf correctly (#17886) 2021-12-02 20:36:50 +01:00
nosql Remove unnecessary variable assignments (#17695) 2021-11-18 09:33:06 +08:00
notification Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
options refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
password Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
pprof refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
private Move keys to models/asymkey (#17917) 2021-12-10 16:14:24 +08:00
process Make Requests Processes and create process hierarchy. Associate OpenRepository with context. (#17125) 2021-11-30 20:06:32 +00:00
proxy Return nil proxy function if proxy not enabled (#16742) 2021-08-19 16:41:20 -04:00
public refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
queue Prevent deadlock in TestPersistableChannelQueue (#17717) 2021-11-19 01:13:25 +00:00
recaptcha refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
references Add API to get issue/pull comments and events (timeline) (#17403) 2022-01-01 22:12:25 +08:00
repository Make AvatarRenderedSizeFactor configurable and set it to 3 (#17951) 2021-12-16 10:18:38 +08:00
secret Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
session Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
setting Add MP4 as default allowed attachment type (#18170) 2022-01-04 04:36:47 +01:00
ssh Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
storage refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
structs Add API to get issue/pull comments and events (timeline) (#17403) 2022-01-01 22:12:25 +08:00
svg refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
sync Fix missing unlock in uniquequeue (#9790) 2020-01-15 23:58:33 +02:00
templates Unify and simplify TrN for i18n (#18141) 2022-01-02 04:33:57 +01:00
test Unify and simplify TrN for i18n (#18141) 2022-01-02 04:33:57 +01:00
timeutil Allow mocking timeutil (#17354) 2021-10-18 21:12:26 +01:00
translation Unify and simplify TrN for i18n (#18141) 2022-01-02 04:33:57 +01:00
typesniffer Read expected buffer size (#17409) 2021-10-24 22:12:43 +01:00
updatechecker Use JSON module instead of stdlib json (#18003) 2021-12-17 09:15:02 +08:00
upload Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
uri Prevent NPE if gitea uploader fails to open url (#18080) 2021-12-23 16:27:33 +00:00
user Add gitea-vet (#10948) 2020-04-05 07:20:50 +01:00
util Increase Salt randomness (#18179) 2022-01-04 15:13:52 +00:00
validation Upgrade chi to v5 (#17298) 2021-10-13 22:50:23 -04:00
web Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00