Switch from md5 to sha256 for UIDs and tokens

Unrud 2020-01-15 11:20:48 +01:00
parent 6697a6c8c4
commit c99a1f53df
5 changed files with 13 additions and 12 deletions

3
config

@ -70,7 +70,8 @@
# Htpasswd encryption method # Htpasswd encryption method
# Value: plain | sha1 | ssha | crypt | bcrypt | md5 # Value: plain | sha1 | ssha | crypt | bcrypt | md5
# Only bcrypt can be considered secure. # Only bcrypt can be considered secure.
# bcrypt and md5 require the passlib library to be installed. # bcrypt requires the passlib[bcrypt] module and md5 requires
# the passlib module.
#htpasswd_encryption = bcrypt #htpasswd_encryption = bcrypt
# Incorrect authentication delay (seconds) # Incorrect authentication delay (seconds)


@ -25,7 +25,7 @@ Module for address books and calendar entries (see ``Item``).
import math import math
import sys import sys
from hashlib import md5 from hashlib import sha256
from random import getrandbits from random import getrandbits
import vobject import vobject
@ -183,7 +183,7 @@ def get_etag(text):
Encoded as quoted-string (see RFC 2616). Encoded as quoted-string (see RFC 2616).
""" """
etag = md5() etag = sha256()
etag.update(text.encode("utf-8")) etag.update(text.encode("utf-8"))
return '"%s"' % etag.hexdigest() return '"%s"' % etag.hexdigest()
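Review bot: get_etag's docstring still says only that the value is a quoted-string; it does not say that the digest is a change detector whose algorithm other values depend on. Elsewhere in this commit BaseCollection.etag folds `item.etag` into the collection ETag, and the sync-token comment describes the token as a hash of history etags, so swapping the algorithm here changes all of them together and makes every ETag a client stored before the upgrade stale. I would add a docstring line such as `The value is the hex SHA-256 of the UTF-8 text; collection ETags and sync tokens are derived from it.` and mention the one-time invalidation in the release notes. The same documentation gap applies to the BaseCollection.etag section.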


@ -25,7 +25,7 @@ Take a look at the class ``BaseCollection`` if you want to implement your own.
import contextlib import contextlib
import json import json
from hashlib import md5 from hashlib import sha256
import pkg_resources import pkg_resources
import vobject import vobject
@ -79,7 +79,7 @@ class BaseCollection:
@property @property
def etag(self): def etag(self):
"""Encoded as quoted-string (see RFC 2616).""" """Encoded as quoted-string (see RFC 2616)."""
etag = md5() etag = sha256()
for item in self.get_all(): for item in self.get_all():
etag.update((item.href + "/" + item.etag).encode("utf-8")) etag.update((item.href + "/" + item.etag).encode("utf-8"))
etag.update(json.dumps(self.get_meta(), sort_keys=True).encode()) etag.update(json.dumps(self.get_meta(), sort_keys=True).encode())


@ -19,7 +19,7 @@
import os import os
import pickle import pickle
import time import time
from hashlib import md5 from hashlib import sha256
from radicale import pathutils, storage from radicale import pathutils, storage
from radicale.log import logger from radicale.log import logger
@ -54,7 +54,7 @@ class CollectionCacheMixin:
self._storage._sync_directory(folder) self._storage._sync_directory(folder)
def _item_cache_hash(self, raw_text): def _item_cache_hash(self, raw_text):
_hash = md5() _hash = sha256()
_hash.update(storage.CACHE_VERSION) _hash.update(storage.CACHE_VERSION)
_hash.update(raw_text) _hash.update(raw_text)
return _hash.hexdigest() return _hash.hexdigest()
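Review bot: `_item_cache_hash` has no docstring, and after the move to SHA-256 the digest is easy to mistake for an integrity check on the cache. The visible lines compute an unkeyed hash over `storage.CACHE_VERSION` followed by `raw_text`, so it can show that an entry is stale but not that it is authentic; anyone able to write the cache folder can recompute it. This module imports `pickle`, and if cache entries are unpickled once this hash matches (not visible in the section), the folder's file permissions remain the real protection. I would add `"""Return the hex SHA-256 of CACHE_VERSION + raw_text; a staleness key, not an authenticity check."""`. The enclosing class starts outside the hunk.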


@ -19,7 +19,7 @@
import itertools import itertools
import os import os
import pickle import pickle
from hashlib import md5 from hashlib import sha256
from radicale.log import logger from radicale.log import logger
@ -27,10 +27,10 @@ from radicale.log import logger
class CollectionSyncMixin: class CollectionSyncMixin:
def sync(self, old_token=None): def sync(self, old_token=None):
# The sync token has the form http://radicale.org/ns/sync/TOKEN_NAME # The sync token has the form http://radicale.org/ns/sync/TOKEN_NAME
# where TOKEN_NAME is the md5 hash of all history etags of present and # where TOKEN_NAME is the sha256 hash of all history etags of present
# past items of the collection. # and past items of the collection.
def check_token_name(token_name): def check_token_name(token_name):
if len(token_name) != 32: if len(token_name) != 64:
return False return False
for c in token_name: for c in token_name:
if c not in "0123456789abcdef": if c not in "0123456789abcdef":
@ -47,7 +47,7 @@ class CollectionSyncMixin:
raise ValueError("Malformed token: %r" % old_token) raise ValueError("Malformed token: %r" % old_token)
# Get the current state and sync-token of the collection. # Get the current state and sync-token of the collection.
state = {} state = {}
token_name_hash = md5() token_name_hash = sha256()
# Find the history of all existing and deleted items # Find the history of all existing and deleted items
for href, item in itertools.chain( for href, item in itertools.chain(
((item.href, item) for item in self.get_all()), ((item.href, item) for item in self.get_all()),
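Review bot: In `check_token_name` the literal `64` has to be kept in step by hand with the hash chosen further down in `sync`, which is the coupling this commit just had to repair (32 to 64). Deriving the length, e.g. `if len(token_name) != sha256().digest_size * 2:`, keeps the validator tied to the algorithm. The stricter length also means every 32-character token issued before the upgrade presumably ends at `raise ValueError("Malformed token: %r" % old_token)`. How callers turn that exception into a response is outside the section, so it is worth confirming that clients are told to resync rather than given a hard error. The body of `sync` continues beyond the visible hunks.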