Upgrade password hashing.

Previously, we generated and prepended a long salt before generating password hashes. This resulted in the hash verification cutting off long before it should do. This form of salting is also not necessary with bcrypt as it's provided by the password hashing and verification functions themselves, so totally rip it out. This commit also adds the functionality for the server to automagically upgrade users to use the new hashing system, which means better security and more assurance that people can't bruteforce passwords. No need to apply a database upgrade to do this, whoo! \o/
2018-04-01 17:12:41 +10:00 · 2018-04-01 17:12:41 +10:00 · bf04dc24f9
commit bf04dc24f9
parent dcb15d619d
3 changed files with 63 additions and 20 deletions
--- a/irc/passwd/unsalted.go
+++ b/irc/passwd/unsalted.go
@ -15,16 +15,19 @@ var (
 	ErrEmptyPassword = errors.New("empty password")
 )

-// GenerateEncodedPassword returns an encrypted password, encoded into a string with base64.
-func GenerateEncodedPassword(passwd string) (encoded string, err error) {
+// GenerateEncodedPasswordBytes returns an encrypted password, returning the bytes directly.
+func GenerateEncodedPasswordBytes(passwd string) (encoded []byte, err error) {
 	if passwd == "" {
 		err = ErrEmptyPassword
 		return
 	}
-	bcrypted, err := bcrypt.GenerateFromPassword([]byte(passwd), bcrypt.MinCost)
-	if err != nil {
-		return
-	}
+	encoded, err = bcrypt.GenerateFromPassword([]byte(passwd), bcrypt.MinCost)
+	return
+}
+
+// GenerateEncodedPassword returns an encrypted password, encoded into a string with base64.
+func GenerateEncodedPassword(passwd string) (encoded string, err error) {
+	bcrypted, err := GenerateEncodedPasswordBytes(passwd)
 	encoded = base64.StdEncoding.EncodeToString(bcrypted)
 	return
 }