Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: Increase rounds for hashing recovery codes in UIDatabase

Browse source 
Increase the number of rounds for hashing recovery codes in the `UIDatabase` class to improve security.
This commit is contained in:
Théophile Diot 2024-08-09 13:48:10 +01:00
parent c590f51944
commit 2b93efda57
No known key found for this signature in database
GPG key ID: FA995104A0BA376A
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/ui/ui_database.py
View file

@ -216,7 +216,7 @@ class UIDatabase(Database):
)
for code in totp_recovery_codes or []:
session.add(UserRecoveryCodes(user_name=username, code=hashpw(code.encode("utf-8"), gensalt(rounds=8)).decode("utf-8")))
session.add(UserRecoveryCodes(user_name=username, code=hashpw(code.encode("utf-8"), gensalt(rounds=10)).decode("utf-8")))
try:
session.commit()
@ -358,7 +358,7 @@ class UIDatabase(Database):
session.query(UserRecoveryCodes).filter_by(user_name=username).delete()
for code in codes:
session.add(UserRecoveryCodes(user_name=username, code=hashpw(code.encode("utf-8"), gensalt(rounds=8)).decode("utf-8")))
session.add(UserRecoveryCodes(user_name=username, code=hashpw(code.encode("utf-8"), gensalt(rounds=10)).decode("utf-8")))
try:
session.commit()