Replace PBKDF2-SHA1 with PBKDF2-SHA512

This also migrates already created passwords on login

Source for the number of iterations:
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
Bond_009
2021-11-10 22:34:54 +01:00
parent 4c88bf3fe3
commit 5265b3eee7
9 changed files with 88 additions and 113 deletions


@@ -11,6 +11,7 @@ using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Net.Mime;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using System.Threading;
@@ -648,7 +649,7 @@ namespace Emby.Server.Implementations.LiveTv.Listings
CancellationToken cancellationToken)
{
using var options = new HttpRequestMessage(HttpMethod.Post, ApiUrl + "/token");
var hashedPasswordBytes = _cryptoProvider.ComputeHash("SHA1", Encoding.ASCII.GetBytes(password), Array.Empty<byte>());
var hashedPasswordBytes = SHA1.HashData(Encoding.ASCII.GetBytes(password));
// TODO: remove ToLower when Convert.ToHexString supports lowercase
// Schedules Direct requires the hex to be lowercase
string hashedPassword = Convert.ToHexString(hashedPasswordBytes).ToLowerInvariant();
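Review bot: The value produced by `SHA1.HashData(Encoding.ASCII.GetBytes(password))` is an unsalted SHA-1 of the account password, so the hex string is password-equivalent for this request, and nothing on the new line explains why SHA-1 remains in a commit that otherwise retires it. The existing comment suggests the digest format is dictated by Schedules Direct; if so, say it next to the call, for example `// SHA-1 is required by the Schedules Direct token endpoint; the digest is password-equivalent, keep it out of logs`, so a later cleanup or analyzer suppression does not have to guess. Separately, `Encoding.ASCII` replaces every non-ASCII character with `?`, so distinct passwords containing such characters hash to the same value; whether `Encoding.UTF8` is what the service expects should be confirmed against its API documentation. The enclosing method starts above this hunk and continues below it, so how `hashedPassword` is sent and whether `ApiUrl` is always HTTPS is not visible here.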