From 495dd35b4848f1585858b62e3b2711d3f9dbb22d Mon Sep 17 00:00:00 2001 From: DmitryRendov Date: Sun, 6 Sep 2015 20:28:25 +0000 Subject: [PATCH] Updated PBKDF2 hasher to support Django 1.7+ --- .../xephi/authme/security/crypts/CryptPBKDF2.java | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/main/java/fr/xephi/authme/security/crypts/CryptPBKDF2.java b/src/main/java/fr/xephi/authme/security/crypts/CryptPBKDF2.java index e6fb9bc50..426b36ee0 100644 --- a/src/main/java/fr/xephi/authme/security/crypts/CryptPBKDF2.java +++ b/src/main/java/fr/xephi/authme/security/crypts/CryptPBKDF2.java @@ -4,17 +4,18 @@ import java.security.NoSuchAlgorithmException; import fr.xephi.authme.security.pbkdf2.PBKDF2Engine; import fr.xephi.authme.security.pbkdf2.PBKDF2Parameters; +import javax.xml.bind.DatatypeConverter; public class CryptPBKDF2 implements EncryptionMethod { @Override public String getHash(String password, String salt, String name) throws NoSuchAlgorithmException { - String result = "pbkdf2_sha256$10000$" + salt + "$"; - PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), 10000); + String result = "pbkdf2_sha256$15000$" + salt + "$"; + PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), 15000); PBKDF2Engine engine = new PBKDF2Engine(params); - - return result + String.valueOf(engine.deriveKey(password, 64)); + + return result + String.valueOf(DatatypeConverter.printBase64Binary(engine.deriveKey(password, 32))); } @Override @@ -22,8 +23,8 @@ public class CryptPBKDF2 implements EncryptionMethod { String playerName) throws NoSuchAlgorithmException { String[] line = hash.split("\\$"); String salt = line[2]; - String derivedKey = line[3]; - PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), 10000, derivedKey.getBytes()); + byte[] derivedKey = DatatypeConverter.parseBase64Binary(line[3]); + PBKDF2Parameters params = new PBKDF2Parameters("HmacSHA256", "ASCII", salt.getBytes(), 15000, derivedKey); PBKDF2Engine engine = new PBKDF2Engine(params); return engine.verifyKey(password); }