search

mohe2015 / schule

Wiki, Stundenplan und Vertretungsplan für moderne Browser
GNU Affero General Public License v3.0
0 stars 0 forks source link

Remove password dependency #225

Closed mohe2015 closed 5 years ago

mohe2015 commented 5 years ago 
(defun password-hash (password)
  (ironclad:pbkdf2-hash-password-to-combined-string
   (babel:string-to-octets password)))
(defun check-user-password (user password)
  (handler-case
      (let* ((data (my-get-user-data user))
             (hash (my-get-user-hash data))
             (active (my-get-user-active data)))
        (when (and active (ironclad:pbkdf2-check-password (babel:string-to-octets password)
                                                          hash))
          (my-get-user-id data)))
    (condition () nil)))
mohe2015 commented 5 years ago

This is not secure. rather use https://github.com/p-h-c/phc-winner-argon2