gaschz/trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-03-01 14:22:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

frontend now generates two scrypt hashes with different salts - one for verification and one for encryption. Lowered complexity to half to not affect frontend performance.

Browse Source
This commit is contained in:
azivner 2017-09-08 20:55:24 -04:00
parent aebcabf77d
commit 9ba958205d
3 changed files with 35 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
generate-password.py
View File

@ -18,7 +18,7 @@ if password1 == password2:
hashed = scrypt.hash(password=password1, hashed = scrypt.hash(password=password1,
salt=salt, salt=salt,
N=16384, N=16384,
r=16, r=8,
p=1, p=1,
buflen=32) buflen=32)

2
src/app.py
View File

@ -65,7 +65,7 @@ def verify_password(hex_hashed_password, guessed_password):
hashed = scrypt.hash(password=guessed_password, hashed = scrypt.hash(password=guessed_password,
salt=salt, salt=salt,
N=16384, N=16384,
r=16, r=8,
p=1, p=1,
buflen=32) buflen=32)

54
static/js/encryption.js
View File

@ -32,14 +32,43 @@ let globalLastEncryptionOperationDate = null;
function deriveEncryptionKey(password) { function deriveEncryptionKey(password) {
// why this is done is explained here: https://github.com/ricmoo/scrypt-js - "Encoding notes" // why this is done is explained here: https://github.com/ricmoo/scrypt-js - "Encoding notes"
const normalizedPassword = password.normalize('NFKC'); const verificationSalt = "dc73b57736511340f132e4b5521d178afa6311c45e0c25e6a9339038507852a6";
const salt = "dc73b57736511340f132e4b5521d178afa6311c45e0c25e6a9339038507852a6";
const verificationPromise = computeScrypt(password, verificationSalt, (key, resolve, reject) => {
$.ajax({
url: baseUrl + 'password/verify',
type: 'POST',
data: JSON.stringify({
password: sha256(key)
}),
contentType: "application/json",
success: function (result) {
if (result.valid) {
resolve();
}
else {
alert("Wrong password");
reject();
}
}
});
});
const encryptionKeySalt = "2503bfc386bc028772f803887eaaf4d4a5c1019036873e4ba5de79a4efb7e8d8";
const encryptionKeyPromise = computeScrypt(password, encryptionKeySalt, (key, resolve, reject) => resolve(key));
return Promise.all([ verificationPromise, encryptionKeyPromise ]).then(results => results[1]);
}
function computeScrypt(password, salt, callback) {
const normalizedPassword = password.normalize('NFKC');
const passwordBuffer = new buffer.SlowBuffer(normalizedPassword); const passwordBuffer = new buffer.SlowBuffer(normalizedPassword);
const saltBuffer = new buffer.SlowBuffer(salt); const saltBuffer = new buffer.SlowBuffer(salt);
// this settings take ~500ms on my laptop // this settings take ~500ms on my laptop
const N = 16384, r = 16, p = 1; const N = 16384, r = 8, p = 1;
// 32 byte key - AES 256 // 32 byte key - AES 256
const dkLen = 32; const dkLen = 32;
@ -55,24 +84,7 @@ function deriveEncryptionKey(password) {
else if (key) { else if (key) {
console.log("Computation took " + (new Date().getTime() - startedDate.getTime()) + "ms"); console.log("Computation took " + (new Date().getTime() - startedDate.getTime()) + "ms");
$.ajax({ callback(key, resolve, reject);
url: baseUrl + 'password/verify',
type: 'POST',
data: JSON.stringify({
password: sha256(key)
}),
contentType: "application/json",
success: function (result) {
if (result.valid) {
resolve(key);
}
else {
alert("Wrong password");
reject();
}
}
});
} }
else { else {
// update UI with progress complete // update UI with progress complete