From ce4242f87ff39d055738c973ca2a8de3557bf0e2 Mon Sep 17 00:00:00 2001 From: trivernis Date: Sun, 16 Feb 2020 09:13:14 +0100 Subject: [PATCH] Change Password derivation function to use scrypt for the hash --- cryptpng.go | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/cryptpng.go b/cryptpng.go index 4942ef9..dbea358 100644 --- a/cryptpng.go +++ b/cryptpng.go @@ -4,7 +4,6 @@ import ( "crypto/aes" "crypto/cipher" "crypto/rand" - "crypto/sha512" "errors" "flag" "fmt" @@ -15,6 +14,7 @@ import ( "syscall" "math" + "golang.org/x/crypto/scrypt" "golang.org/x/crypto/ssh/terminal" ) @@ -27,6 +27,10 @@ func check(err error) { const saltChunkName = "saLt" const chunkName = "crPt" const chunkSize = 0x100000 +const scrN = 32768 +const scrR = 8 +const scrP = 1 +const scrKeyLength = 32 var inputFile string var outputFile string @@ -131,16 +135,17 @@ func readPassword(passwordSalt *[]byte) ([]byte, []byte) { fmt.Print("Password: ") bytePw, err := terminal.ReadPassword(int(syscall.Stdin)) check(err) - hash := sha512.New512_256() if passwordSalt != nil { - hash.Write(append(*passwordSalt, bytePw...)) - return hash.Sum(nil), *passwordSalt + key, err := scrypt.Key(bytePw, *passwordSalt, scrN, scrR, scrP, scrKeyLength) + check(err) + return key, *passwordSalt } else { salt := make([]byte, 32) _, err = io.ReadFull(rand.Reader, salt) check(err) - hash.Write(append(salt, bytePw...)) - return hash.Sum(nil), salt + key, err := scrypt.Key(bytePw, salt, scrN, scrR, scrP, scrKeyLength) + check(err) + return key, salt } }