From 06d985069a18d7e165cc781996d2f8e9238c2278 Mon Sep 17 00:00:00 2001 From: "Kali Kaneko (leap communications)" Date: Thu, 27 Oct 2016 00:54:00 +0200 Subject: [docs] add a fixme for the scrypt workaround --- src/leap/bitmask/core/uuid_map.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'src/leap/bitmask') diff --git a/src/leap/bitmask/core/uuid_map.py b/src/leap/bitmask/core/uuid_map.py index 9c13fc57..262e3db4 100644 --- a/src/leap/bitmask/core/uuid_map.py +++ b/src/leap/bitmask/core/uuid_map.py @@ -112,7 +112,12 @@ class UserMap(object): def _encode_uuid_map(userid, uuid, passwd): data = 'userid:%s:uuid:%s' % (userid, uuid) - # TODO review usage of the raw passwd here + # FIXME scrypt.encrypt is broken in windows. + # This is a quick hack. The hostname might not be unique enough though. + # We could use a long random hash per entry and store it in the file. + # Other option is to use a different KDF that is supported by cryptography + # (ie, pbkdf) + if IS_WIN: key = scrypt.hash(passwd, socket.gethostname()) key = base64.urlsafe_b64encode(key[:32]) -- cgit v1.2.3