kumi/andOTP
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Store the hashed passwords hex-encoded

Browse source
This commit is contained in:
Jakob Nixdorf 2017-10-05 10:32:39 +02:00
parent fc071982c1
commit 09d0aae81b
No known key found for this signature in database
GPG key ID: BE99BF86574A7DBC
4 changed files with 10 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
app/src/main/java/org/shadowice/flocke/andotp/Activities/AuthenticateActivity.java
View file

@ -38,8 +38,9 @@ import android.widget.EditText;
import android.widget.TextView;
import android.widget.Toast;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.DigestUtils;
import org.shadowice.flocke.andotp.R;
import org.shadowice.flocke.andotp.Utilities.EncryptionHelper;
import static org.shadowice.flocke.andotp.Utilities.Settings.AuthMethod;
@ -103,7 +104,7 @@ public class AuthenticateActivity extends ThemedActivity
@Override
public boolean onEditorAction(TextView v, int actionId, KeyEvent event) {
if (actionId == EditorInfo.IME_ACTION_DONE) {
String hashedPassword = EncryptionHelper.SHA256Sum(v.getText().toString());
String hashedPassword = new String(Hex.encodeHex(DigestUtils.sha256(v.getText().toString())));
if (hashedPassword.equals(password)) {
finishWithResult(true);

5
app/src/main/java/org/shadowice/flocke/andotp/Preferences/PasswordHashPreference.java
View file

@ -37,8 +37,9 @@ import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.DigestUtils;
import org.shadowice.flocke.andotp.R;
import org.shadowice.flocke.andotp.Utilities.EncryptionHelper;
public class PasswordHashPreference extends DialogPreference
implements View.OnClickListener, TextWatcher {
@ -139,7 +140,7 @@ public class PasswordHashPreference extends DialogPreference
break;
case (R.id.btnSave):
value = passwordInput.getText().toString();
String hashedPassword = EncryptionHelper.SHA256Sum(value);
String hashedPassword = new String(Hex.encodeHex(DigestUtils.sha256(value)));
persistString(hashedPassword);

13
app/src/main/java/org/shadowice/flocke/andotp/Utilities/EncryptionHelper.java
View file

@ -49,19 +49,6 @@ public class EncryptionHelper {
private final static int KEY_LENGTH = 16;
private final static int IV_LENGTH = 12;
public static String SHA256Sum(String input) {
String hash = "";
try {
MessageDigest sha = MessageDigest.getInstance("SHA-256");
hash = new String(sha.digest(input.getBytes("UTF-8")), "UTF-8");
} catch (Exception e) {
e.printStackTrace();
}
return hash;
}
public static byte[] encrypt(SecretKey secretKey, IvParameterSpec iv, byte[] plainText) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, UnsupportedEncodingException, BadPaddingException, IllegalBlockSizeException {
Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, secretKey, iv);

7
app/src/main/java/org/shadowice/flocke/andotp/Utilities/Settings.java
View file

@ -26,9 +26,10 @@ import android.content.Context;
import android.content.SharedPreferences;
import android.preference.PreferenceManager;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.DigestUtils;
import org.shadowice.flocke.andotp.R;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Set;
@ -54,7 +55,7 @@ public class Settings {
private void migrateDeprecatedSettings() {
if (settings.contains(getResString(R.string.settings_key_auth_password))) {
String plainPassword = getAuthPassword();
String hashedPassword = EncryptionHelper.SHA256Sum(plainPassword);
String hashedPassword = new String(Hex.encodeHex(DigestUtils.sha256(plainPassword)));
setString(R.string.settings_key_auth_password_hash, hashedPassword);
@ -63,7 +64,7 @@ public class Settings {
if (settings.contains(getResString(R.string.settings_key_auth_pin))) {
String plainPIN = getAuthPIN();
String hashedPIN = EncryptionHelper.SHA256Sum(plainPIN);
String hashedPIN = new String(Hex.encodeHex(DigestUtils.sha256(plainPIN)));
setString(R.string.settings_key_auth_pin_hash, hashedPIN);