From d872c0a80fc5c7f07c7afb07ef40636f454eb69a Mon Sep 17 00:00:00 2001 From: Matt Hamilton Date: Mon, 22 Aug 2016 14:31:13 -0700 Subject: [PATCH 1/2] deprecate MD5 in favor of SHA512 --- syncplay/client.py | 4 ++-- syncplay/server.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/syncplay/client.py b/syncplay/client.py index 2f52014..dacb736 100644 --- a/syncplay/client.py +++ b/syncplay/client.py @@ -88,7 +88,7 @@ class SyncplayClient(object): self.setUsername(config['name']) self.setRoom(config['room']) if config['password']: - config['password'] = hashlib.md5(config['password']).hexdigest() + config['password'] = hashlib.sha512(config['password']).hexdigest() self._serverPassword = config['password'] if not config['file']: self.__getUserlistOnLogon = True @@ -1768,4 +1768,4 @@ class FileSwitchManager(object): if self.isDirectoryInList(directoryToFind, self.mediaDirectories): return self._client.ui.showErrorMessage(getMessage("added-file-not-in-media-directory-error").format(directoryToFind)) - self.mediaDirectoriesNotFound.append(directoryToFind) \ No newline at end of file + self.mediaDirectoriesNotFound.append(directoryToFind) diff --git a/syncplay/server.py b/syncplay/server.py index c177338..b7a0c85 100644 --- a/syncplay/server.py +++ b/syncplay/server.py @@ -17,7 +17,7 @@ class SyncFactory(Factory): def __init__(self, password='', motdFilePath=None, isolateRooms=False, salt=None, disableReady=False): print getMessage("welcome-server-notification").format(syncplay.version) if password: - password = hashlib.md5(password).hexdigest() + password = hashlib.sha512(password).hexdigest() self.password = password if salt is None: salt = RandomStringGenerator.generate_server_salt() From d3a835bef6287022fcf63b097df2379ce1809aee Mon Sep 17 00:00:00 2001 From: Matt Hamilton Date: Mon, 22 Aug 2016 15:05:34 -0700 Subject: [PATCH 2/2] check password against MD5 for compatibility --- syncplay/protocols.py | 4 ++-- syncplay/server.py | 6 ++++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/syncplay/protocols.py b/syncplay/protocols.py index 2eeafe8..48f5b90 100644 --- a/syncplay/protocols.py +++ b/syncplay/protocols.py @@ -325,11 +325,11 @@ class SyncServerProtocol(JSONCommandProtocol): return username, serverPassword, roomName, version def _checkPassword(self, serverPassword): - if self._factory.password: + if self._factory.password_sha512 or self._factory.password_md5: if not serverPassword: self.dropWithError(getMessage("password-required-server-error")) return False - if serverPassword != self._factory.password: + if serverPassword != self._factory.password_md5 and serverPassword != self._factory.password_sha512: self.dropWithError(getMessage("wrong-password-server-error")) return False return True diff --git a/syncplay/server.py b/syncplay/server.py index b7a0c85..df5aaa3 100644 --- a/syncplay/server.py +++ b/syncplay/server.py @@ -17,8 +17,10 @@ class SyncFactory(Factory): def __init__(self, password='', motdFilePath=None, isolateRooms=False, salt=None, disableReady=False): print getMessage("welcome-server-notification").format(syncplay.version) if password: - password = hashlib.sha512(password).hexdigest() - self.password = password + password_sha512 = hashlib.sha512(password).hexdigest() + password_md5 = hashlib.md5(password).hexdigest() + self.password_sha512 = password_sha512 + self.password_md5 = password_md5 if salt is None: salt = RandomStringGenerator.generate_server_salt() print getMessage("no-salt-notification").format(salt)