Increase sharingKey complexity

bpatrik / pigallery2

A fast directory-first photo gallery website, with rich UI, optimized for running on low resource servers (especially on raspberry pi)

http://bpatrik.github.io/pigallery2/

MIT License

1.76k stars 202 forks source link

Increase sharingKey complexity #883

Open VirtualGit opened 5 months ago

VirtualGit commented 5 months ago

Is your feature request related to a problem? Please describe. Sharing an album is possible without password thanks to a sharing key. That's exactly my need. But I find the sharing key complexity absolutely too much weak. It is currently composed of 8 characters including [0-9a-f]. From my point of view this is too weak.

Describe the solution you'd like I'm interested in having a much more secure sharing key. At least 32 characters, maybe 64, instead of 8. Even better, characters could be taken from [0-9A-Za-z], which increase number of combinations. Maybe the sharing key length could be a setting ?

Describe alternatives you've considered (optional) No alternative.

I can work on it and push a MR if you want. I'm not familiar with open-source collaboration, but there's a first time for everything :) If so, tell me the direction you'd prefer.

VirtualGit commented 5 months ago

FYI, I've done it here : https://github.com/VirtualGit/pigallery2/commit/e3052159f6b6102a4bcadc58c912022bdca6020c I need to do more tests, but it's looks good.

Still missing translation entries (not sure how to update xlf files)
Long keys are not wrapped in the share list (config page) ; I should maybe enable text ellipsis or something like that. Will think about it soon.

bpatrik commented 5 months ago

Hi, That commit looks good to me. Happy to merge it if you send a PR.

VirtualGit commented 5 months ago

Thanks. I'll send you a PR when I fix this : Copie d'écran_20240425_085016 Expect a few days/weeks.

VirtualGit commented 5 months ago

Is this ok for you : (I'm not CSS expert !) https://github.com/VirtualGit/pigallery2/commit/edf03fe2b1c5d8c5bc5a080e0874c3c679cf20e6

That leads to : screenshot_20240502_220320 and : screenshot_20240502_220416

bpatrik commented 4 months ago

Yeah, it looks good to me!

-- Sorry for being brief, sent from my phone.

On Thu, 2 May 2024, 22:21 VirtualGit, @.***> wrote:

Is this ok for you : (I'm not CSS expert !) @.*** https://github.com/VirtualGit/pigallery2/commit/edf03fe2b1c5d8c5bc5a080e0874c3c679cf20e6

That leads to : screenshot_20240502_220320.png (view on web) https://github.com/bpatrik/pigallery2/assets/14853220/e129a2b8-f2eb-4868-b297-ada97f94cee4 and : screenshot_20240502_220416.png (view on web) https://github.com/bpatrik/pigallery2/assets/14853220/fb7e0b69-1f38-4915-9614-29287cd52c21

— Reply to this email directly, view it on GitHub https://github.com/bpatrik/pigallery2/issues/883#issuecomment-2091489402, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABZKA5RHNNQZ64NFJMKB3ATZAKN5HAVCNFSM6AAAAABGBAMWH6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJRGQ4DSNBQGI . You are receiving this because you commented.Message ID: @.***>