From: Felix Dörre <felix@dogcraft.de>
Date: Fri, 5 Dec 2014 17:10:55 +0000 (+0100)
Subject: upd: use scrypt for new passwords.
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=4a16fea18675eaac13439f1dcefede4a49d9164e

upd: use scrypt for new passwords.
---

diff --git a/src/org/cacert/gigi/util/PasswordHash.java b/src/org/cacert/gigi/util/PasswordHash.java
index aaff2268..d6b0b906 100644
--- a/src/org/cacert/gigi/util/PasswordHash.java
+++ b/src/org/cacert/gigi/util/PasswordHash.java
@@ -3,9 +3,14 @@ package org.cacert.gigi.util;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 
+import com.lambdaworks.crypto.SCryptUtil;
+
 public class PasswordHash {
 
     public static boolean verifyHash(String password, String hash) {
+        if (hash.contains("$")) {
+            return SCryptUtil.check(password, hash);
+        }
         String newhash = sha1(password);
         boolean match = true;
         if (newhash.length() != hash.length()) {
@@ -33,6 +38,6 @@ public class PasswordHash {
     }
 
     public static String hash(String password) {
-        return sha1(password);
+        return SCryptUtil.scrypt(password, 1 << 14, 8, 1);
     }
 }