Implemented password hashing using bcrypt #8

Closed


ukane-philemon

Please review this implementation; I can make changes where needed.

@ukane-philemon ukane-philemon force-pushed the HashAdminPass branch 2 times, most recently from e57cb04 to 9399072 Compare December 21, 2021 23:18
@ukane-philemon ukane-philemon force-pushed the HashAdminPass branch 4 times, most recently from bb324e3 to 621622b Compare December 25, 2021 08:11
vspd.go Outdated
@@ -37,6 +38,12 @@ func main() {
}
}

// hashPassword hash cfg.AdminPass and returns the hash.
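
Review bot: the doc comment on hashPassword in this hunk documents neither the algorithm nor the failure path; it says only that cfg.AdminPass is hashed and the hash returned. Suggest naming bcrypt and the cost used, stating what is returned when hashing fails, and noting that bcrypt only considers the first 72 bytes of its input, so that a limit on the admin password length is either enforced or documented.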
Author

Suggested change
// hashPassword hash cfg.AdminPass and returns the hash.
// hashPassword hashes cfg.AdminPass and returns the hash.

webapi/admin.go Outdated
@@ -197,12 +198,18 @@ func ticketSearch(c *gin.Context) {
})
}

// CheckPasswordHash compare hash value of password with hash.
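
Review bot: the comment on CheckPasswordHash describes comparing the "hash value of password with hash", which reads as re-hashing the candidate and comparing the two results; with bcrypt each hash embeds its own salt, so a fresh hash of the same password will not match the stored one. The comment should say the password is verified against the stored hash, and the body (not visible in this hunk) should go through bcrypt.CompareHashAndPassword rather than any direct comparison. The name is also exported; if it is only used for admin login inside webapi, an unexported helper is enough.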
Author

Suggested change
// CheckPasswordHash compare hash value of password with hash.
// CheckPasswordHash compares the hash value of the provided password with the provided hash.

@ukane-philemon ukane-philemon changed the title Implementing password hashing using bycrypt Implemented password hashing using bcrypt Dec 25, 2021

ukane-philemon commented Dec 25, 2021

Per SEI CERT C Coding Standard, this uses bcrypt, a special type of hashing package designed solely for password hashing, to hash the admin password. VSP operators can start vspd without a password in the config or command line after first initiating vspd with an admin password. VSP operators update the admin password when they provide it via config or command line.
This is because this PR saves the admin password hash to the database and retrieves it at start-up. Closes decred#281
