summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorErich Eckner <git@eckner.net>2020-04-28 22:24:40 +0200
committerErich Eckner <git@eckner.net>2021-01-30 20:39:18 +0100
commitba7b8145c7042eb6f56e11ddc2f497f0be3ec19e (patch)
tree10044ac4a47c43ce4da5d08443713fc8e8fd03d0
parent475143e6a7fd771cd588045ad1d1be2cb424f0c2 (diff)
downloadraspi-lights-out-ba7b8145c7042eb6f56e11ddc2f497f0be3ec19e.tar.xz
httpdocs/index.php: chain hash to slow brute force downv0.0
-rw-r--r--index.php.in4
1 files changed, 3 insertions, 1 deletions
diff --git a/index.php.in b/index.php.in
index c3dc987..efa6b85 100644
--- a/index.php.in
+++ b/index.php.in
@@ -42,7 +42,9 @@ function push_it() {
}
$saved_hash = trim(fgets($f));
fclose($f);
- $entered_hash = hash('sha512', $_POST['password']);
+ $entered_hash = $_POST['password'];
+ for ($i=0; $i<1000; $i++)
+ $entered_hash = hash('sha512', $entered_hash . $i . $_POST['password']);
if ($saved_hash != $entered_hash) {
print '<font color="ff0000">Wrong password: ' . $entered_hash . '</font><br>' . "\n";
return;