arno/pi-hole
1
0
Fork 0
mirror of https://github.com/pi-hole/pi-hole synced 2024-11-20 15:18:32 +00:00
Code Issues Releases Wiki Activity

Compute double hashes to avoid rainbow table vulnerability

Browse Source
This commit is contained in:
DL6ER 2016-11-16 22:13:47 +01:00
parent 9193c71cff
commit 01bf1ae92d
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
advanced/Scripts/webpage.sh
View File

@ -1,9 +1,8 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Pi-hole: A black hole for Internet advertisements # Pi-hole: A black hole for Internet advertisements
# (c) 2015, 2016 by Jacob Salmela
# Network-wide ad blocking via your Raspberry Pi # Network-wide ad blocking via your Raspberry Pi
# http://pi-hole.net # http://pi-hole.net
# Whitelists and blacklists domains # Web interface settings
# #
# Pi-hole is free software: you can redistribute it and/or modify # Pi-hole is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -44,8 +43,9 @@ SetWebPassword(){
# Remove password from file (create backup setupVars.conf.bak) # Remove password from file (create backup setupVars.conf.bak)
sed -i.bak '/webpassword/d' /etc/pihole/setupVars.conf sed -i.bak '/webpassword/d' /etc/pihole/setupVars.conf
# Compute password hash # Compute password hash twice to avoid rainbow table vulnerability
hash=$(echo -n ${args[2]} | sha256sum | sed 's/\s.*$//') hash=$(echo -n ${args[2]} | sha256sum | sed 's/\s.*$//')
hash=$(echo -n ${hash} | sha256sum | sed 's/\s.*$//')
# Save hash to file # Save hash to file
echo "webpassword=${hash}" >> /etc/pihole/setupVars.conf echo "webpassword=${hash}" >> /etc/pihole/setupVars.conf