diff options
| author | Erich Eckner <git@eckner.net> | 2020-04-28 22:24:40 +0200 |
|---|---|---|
| committer | Erich Eckner <git@eckner.net> | 2020-04-28 22:26:57 +0200 |
| commit | a68dc7bb5c46840cca3fae0679db9f3291ae8f0f (patch) | |
| tree | 3cd18aca4425db6a73ba17067d48639144ae8db1 | |
| parent | 3c8223357b5c93d2edd8bad9a8a3f3465b8fa86c (diff) | |
| download | raspi-lights-out-a68dc7bb5c46840cca3fae0679db9f3291ae8f0f.tar.xz | |
httpdocs/index.php: chain hash to slow brute force down
| -rw-r--r-- | httpdocs/index.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/httpdocs/index.php b/httpdocs/index.php index a697be3..eb21166 100644 --- a/httpdocs/index.php +++ b/httpdocs/index.php @@ -29,7 +29,9 @@ function push_it() { } $saved_hash = trim(fgets($f)); fclose($f); - $entered_hash = hash('sha512', $_POST['password']); + $entered_hash = $_POST['password']; + for ($i=0; $i<1000; $i++) + $entered_hash = hash('sha512', $entered_hash . $i . $_POST['password']); if ($saved_hash != $entered_hash) { print '<font color="ff0000">Wrong password: ' . $entered_hash . '</font><br>' . "\n"; return; |