From: Michael Marley Date: Sun, 8 Feb 2015 18:25:50 +0000 (-0500) Subject: Add support for a salted SHA2-512 hash X-Git-Tag: 0.12-rc1~6^2~2 X-Git-Url: https://git.quassel-irc.org/?p=quassel.git;a=commitdiff_plain;h=1e57394b3bb6aaf6213270658e00975b19f02d26 Add support for a salted SHA2-512 hash This new hash uses a SHA2-512 hash salted with 512 bits of data generated using the C++11 std::mt19937 algorithm, seeded by std::random_device. It only works with Qt5, so Qt4 builds will keep using the old SHA1 hash. --- diff --git a/src/core/storage.cpp b/src/core/storage.cpp index 4a84e9bb..f8d60b76 100644 --- a/src/core/storage.cpp +++ b/src/core/storage.cpp @@ -29,7 +29,11 @@ Storage::Storage(QObject *parent) QString Storage::hashPassword(const QString &password) { +#if QT_VERSION >= 0x050000 + return hashPasswordSha2_512(password); +#else return hashPasswordSha1(password); +#endif } bool Storage::checkHashedPassword(const UserId user, const QString &password, const QString &hashedPassword, const Storage::HashVersion version) @@ -41,6 +45,12 @@ bool Storage::checkHashedPassword(const UserId user, const QString &password, co passwordCorrect = checkHashedPasswordSha1(password, hashedPassword); break; +#if QT_VERSION >= 0x050000 + case Storage::HashVersion::sha2_512: + passwordCorrect = checkHashedPasswordSha2_512(password, hashedPassword); + break; +#endif + default: qWarning() << "Password hash version" << QString(version) << "is not supported, please reset password"; } @@ -61,3 +71,40 @@ bool Storage::checkHashedPasswordSha1(const QString &password, const QString &ha { return hashPasswordSha1(password) == hashedPassword; } + +#if QT_VERSION >= 0x050000 +QString Storage::hashPasswordSha2_512(const QString &password) +{ + // Generate a salt of 512 bits (64 bytes) using the Mersenne Twister + std::random_device seed; + std::mt19937 generator(seed()); + std::uniform_int_distribution distribution(0, 255); + QByteArray saltBytes; + saltBytes.resize(64); + for (int i = 0; i < 64; i++) { + saltBytes[i] = (unsigned char) distribution(generator); + } + QString salt(saltBytes.toHex()); + + // Append the salt to the password and hash it + QString passwordAndSalt(password + salt); + QString hash(QCryptographicHash::hash(passwordAndSalt.toUtf8(), QCryptographicHash::Sha512).toHex()); + + return hash + ":" + salt; +} + +bool Storage::checkHashedPasswordSha2_512(const QString &password, const QString &hashedPassword) +{ + QRegExp colonSplitter("\\:"); + QStringList hashedPasswordAndSalt = hashedPassword.split(colonSplitter); + + if (hashedPasswordAndSalt.size() == 2){ + QString passwordAndSalt(password + hashedPasswordAndSalt[1]); + return QString(QCryptographicHash::hash(passwordAndSalt.toUtf8(), QCryptographicHash::Sha512).toHex()) == hashedPasswordAndSalt[0]; + } + else { + qWarning() << "Password hash and salt were not in the correct format"; + return false; + } +} +#endif diff --git a/src/core/storage.h b/src/core/storage.h index 9371529d..989f3314 100644 --- a/src/core/storage.h +++ b/src/core/storage.h @@ -44,7 +44,12 @@ public: enum HashVersion { sha1, +#if QT_VERSION >= 0x050000 + sha2_512, + latest=sha2_512 +#else latest=sha1 +#endif }; public slots: @@ -419,6 +424,11 @@ protected: private: QString hashPasswordSha1(const QString &password); bool checkHashedPasswordSha1(const QString &password, const QString &hashedPassword); + +#if QT_VERSION >= 0x050000 + QString hashPasswordSha2_512(const QString &password); + bool checkHashedPasswordSha2_512(const QString &password, const QString &hashedPassword); +#endif };