diff options
| author | Jesusaves <cpntb1@ymail.com> | 2021-12-18 18:24:54 -0300 |
|---|---|---|
| committer | Jesusaves <cpntb1@ymail.com> | 2021-12-18 18:24:54 -0300 |
| commit | 117882a7e3edefbb669035af196fd3d3ce56ed19 (patch) | |
| tree | 7b53983850a49bd10ed676d84d991dddc2b15fc7 | |
| parent | 61e476563f30def0435341f9e72490bf81348ba4 (diff) | |
| download | renpy-117882a7e3edefbb669035af196fd3d3ce56ed19.tar.gz renpy-117882a7e3edefbb669035af196fd3d3ce56ed19.tar.bz2 renpy-117882a7e3edefbb669035af196fd3d3ce56ed19.tar.xz renpy-117882a7e3edefbb669035af196fd3d3ce56ed19.zip | |
Move the subkey to MultiPersistent and increase a bit entropy.
It is less safe than SHA-1, and the hash itself is vulnerable to bruteforce.
But this should be enough for general purpose.
| -rw-r--r-- | game/core.rpy | 1 | ||||
| -rw-r--r-- | game/update.rpy | 2 | ||||
| -rw-r--r-- | game/vault.rpy | 9 |
3 files changed, 7 insertions, 5 deletions
diff --git a/game/core.rpy b/game/core.rpy index ebae01b..26e2b1b 100644 --- a/game/core.rpy +++ b/game/core.rpy @@ -207,6 +207,7 @@ init 10 python: md5check_client(silent=True) persistent.last_run = now() + mp = MultiPersistent("vault.themanaworld.org", True) ######### Done with pre-init label splashscreen: diff --git a/game/update.rpy b/game/update.rpy index 16e0cf9..0e285b8 100644 --- a/game/update.rpy +++ b/game/update.rpy @@ -491,6 +491,6 @@ label resetm: label resetp: $ persistent.rhash = None $ persistent.passd = None - $ persistent.sub = None + $ mp.sub = None return diff --git a/game/vault.rpy b/game/vault.rpy index d6477f8..be6fe55 100644 --- a/game/vault.rpy +++ b/game/vault.rpy @@ -54,7 +54,7 @@ init python: self.variable = str(persistent.email) uedit[key] = str(self.variable) if (persistent.passd is not None and self.variable == "***"): - self.variable = str(bytearray((x ^ (persistent.rhash/persistent.sub) for x in bytearray(persistent.passd, 'utf-8')))) + self.variable = str(bytearray((x ^ (persistent.rhash/mp.sub) for x in bytearray(persistent.passd, 'utf-8')))) uedit[key] = str(self.variable) def get_text(self): @@ -201,10 +201,11 @@ label register_vault: if uedit["rbmx"]: $ persistent.email = str(email) if uedit["rbpd"]: - $ hsh = renpy.random.randint(11, 63) - $ persistent.sub = renpy.random.randint(127, 2048) - $ persistent.rhash = int(hsh)*persistent.sub + $ hsh = renpy.random.randint(11, 127) + $ mp.sub = renpy.random.randint(127, 16777215) + $ persistent.rhash = int(hsh)*mp.sub $ persistent.passd = str(bytearray(x ^ hsh for x in bytearray(password, 'utf-8'))) + $ mp.save() # Wait for Vault to confirm. if (r.status_code != 200): |