From 06d985069a18d7e165cc781996d2f8e9238c2278 Mon Sep 17 00:00:00 2001
From: "Kali Kaneko (leap communications)" <kali@leap.se>
Date: Thu, 27 Oct 2016 00:54:00 +0200
Subject: [docs] add a fixme for the scrypt workaround

---
 src/leap/bitmask/core/uuid_map.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/leap/bitmask/core/uuid_map.py b/src/leap/bitmask/core/uuid_map.py
index 9c13fc5..262e3db 100644
--- a/src/leap/bitmask/core/uuid_map.py
+++ b/src/leap/bitmask/core/uuid_map.py
@@ -112,7 +112,12 @@ class UserMap(object):
 def _encode_uuid_map(userid, uuid, passwd):
     data = 'userid:%s:uuid:%s' % (userid, uuid)
 
-    # TODO review usage of the raw passwd here
+    # FIXME scrypt.encrypt is broken in windows.
+    # This is a quick hack. The hostname might not be unique enough though.
+    # We could use a long random hash per entry and store it in the file.
+    # Other option is to use a different KDF that is supported by cryptography
+    # (ie, pbkdf)
+
     if IS_WIN:
         key = scrypt.hash(passwd, socket.gethostname())
         key = base64.urlsafe_b64encode(key[:32])
-- 
cgit v1.2.3