summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKali Kaneko (leap communications) <kali@leap.se>2016-10-27 00:54:00 +0200
committerKali Kaneko (leap communications) <kali@leap.se>2016-11-03 14:28:14 +0100
commit06d985069a18d7e165cc781996d2f8e9238c2278 (patch)
treef7506f9d5a411fb6d7d5cfad99c9e4bd98037033
parent3d2d564a966679086156c844d8c58b11751163a3 (diff)
[docs] add a fixme for the scrypt workaround
-rw-r--r--src/leap/bitmask/core/uuid_map.py7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/leap/bitmask/core/uuid_map.py b/src/leap/bitmask/core/uuid_map.py
index 9c13fc5..262e3db 100644
--- a/src/leap/bitmask/core/uuid_map.py
+++ b/src/leap/bitmask/core/uuid_map.py
@@ -112,7 +112,12 @@ class UserMap(object):
def _encode_uuid_map(userid, uuid, passwd):
data = 'userid:%s:uuid:%s' % (userid, uuid)
- # TODO review usage of the raw passwd here
+ # FIXME scrypt.encrypt is broken in windows.
+ # This is a quick hack. The hostname might not be unique enough though.
+ # We could use a long random hash per entry and store it in the file.
+ # Other option is to use a different KDF that is supported by cryptography
+ # (ie, pbkdf)
+
if IS_WIN:
key = scrypt.hash(passwd, socket.gethostname())
key = base64.urlsafe_b64encode(key[:32])