diff easyhg2.py @ 439:51c5332aa957

Salt passwords
author Chris Cannam
date Tue, 28 Jun 2011 13:58:07 +0100
parents a5696a1f2dc5
children 0d779f3cb4bc
--- a/easyhg2.py	Tue Jun 28 13:50:49 2011 +0100
+++ b/easyhg2.py	Tue Jun 28 13:58:07 2011 +0100
@@ -62,16 +62,18 @@
 
 #!!! should be in a class here
 
-def encrypt(text, key):
-    text = '%d.%s' % (len(text), text)
+def encrypt_salted(text, key):
+    salt = os.urandom(8)
+    text = '%d.%s.%s' % (len(text), base64.b64encode(salt), text)
     text += (16 - len(text) % 16) * ' '
     cipher = AES.new(key)
     return base64.b64encode(cipher.encrypt(text))
 
-def decrypt(ctext, key):
+def decrypt_salted(ctext, key):
     cipher = AES.new(key)
     text = cipher.decrypt(base64.b64decode(ctext))
     (tlen, d, text) = text.partition('.')
+    (salt, d, text) = text.partition('.')
     return text[0:int(tlen)]
 
 def monkeypatch_method(cls):
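Review bot: `AES.new(key)` in `encrypt_salted` and `decrypt_salted` is called without a mode, which in PyCrypto means ECB (assuming that is where `AES` comes from; the import is outside the hunk), so the salt only randomises the block it sits in. The length prefix, the 12-character base64 salt and the separators fill 15 or 16 bytes, so every block after the first holds only password text and space padding, and the same password under the same key still produces identical ciphertext from the second block onwards. A random per-value IV with CBC randomises every block and makes the in-band salt field unnecessary. The stored value also has no integrity check, so an altered config entry would be decrypted without detection. The fence sketches the IV variant for both functions; it changes the stored format.

```python
def encrypt_salted(text, key):
    iv = os.urandom(16)  # fresh IV for every stored value
    text = '%d.%s' % (len(text), text)
    # … unchanged: space padding to a multiple of 16 …
    cipher = AES.new(key, AES.MODE_CBC, iv)
    return base64.b64encode(iv + cipher.encrypt(text))

def decrypt_salted(ctext, key):
    raw = base64.b64decode(ctext)
    cipher = AES.new(key, AES.MODE_CBC, raw[:16])  # IV is the first block
    text = cipher.decrypt(raw[16:])
    (tlen, d, text) = text.partition('.')
    return text[0:int(tlen)]
```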
@@ -212,7 +214,7 @@
         remember_default = get_boolean_from_config(pcfg, 'preferences', 'remember', False)
         pdata = get_from_config(pcfg, 'auth', remote_key(uri, user))
         if pdata:
-            cachedpwd = decrypt(pdata, pekey)
+            cachedpwd = decrypt_salted(pdata, pekey)
             passfield.setText(cachedpwd)
         remember = QtGui.QCheckBox()
         remember.setChecked(remember_default)
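Review bot: Entries already saved under `auth` by the previous `encrypt()` use the `'%d.%s'` layout, but `decrypt_salted(pdata, pekey)` now splits on `.` a second time. For such an entry `cachedpwd` becomes an empty string, or a fragment of the password if it contains a `.`, and that value is put into `passfield` with no indication that anything went wrong. If profiles written before this change can exist, the new format should be distinguishable, for example by a version marker in front of the stored value, with a fallback to the old parse when the marker is absent. A malformed or hand-edited entry can also make `base64.b64decode` or `int(tlen)` raise, and nothing in the visible lines catches that. The enclosing function starts and ends outside the hunk.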
@@ -250,7 +252,7 @@
         set_to_config(pcfg, 'preferences', 'remember', remember.isChecked())
         if user:
             if passwd and remember.isChecked():
-                pdata = encrypt(passwd, pekey)
+                pdata = encrypt_salted(passwd, pekey)
                 set_to_config(pcfg, 'auth', remote_key(uri, user), pdata)
             else:
                 set_to_config(pcfg, 'auth', remote_key(uri, user), '')