From 5313fd8d398b451e81f6e77ce87d23c3253a22f5 Mon Sep 17 00:00:00 2001
From: Erich Eckner <git@eckner.net>
Date: Tue, 28 Apr 2020 22:24:40 +0200
Subject: httpdocs/index.php: chain hash to slow brute force down

---
 httpdocs/index.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/httpdocs/index.php b/httpdocs/index.php
index 108bf9c..e8a97ad 100644
--- a/httpdocs/index.php
+++ b/httpdocs/index.php
@@ -29,7 +29,9 @@ function push_it() {
   }
   $saved_hash = trim(fgets($f));
   fclose($f);
-  $entered_hash = hash('sha512', $_POST['password']);
+  $entered_hash = $_POST['password'];
+  for ($i=0; $i<1000; $i++)
+    $entered_hash = hash('sha512', $entered_hash . $i . $_POST['password']);
   if ($saved_hash != $entered_hash) {
     print '<font color="ff0000">Wrong password: ' . $entered_hash . '</font><br>' . "\n";
     return;
-- 
cgit v1.2.3-54-g00ecf