From ba7b8145c7042eb6f56e11ddc2f497f0be3ec19e Mon Sep 17 00:00:00 2001
From: Erich Eckner
Date: Tue, 28 Apr 2020 22:24:40 +0200
Subject: httpdocs/index.php: chain hash to slow brute force down
---
 index.php.in | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/index.php.in b/index.php.in
index c3dc987..efa6b85 100644
--- a/index.php.in
+++ b/index.php.in
@@ -42,7 +42,9 @@ function push_it() {
 }
 $saved_hash = trim(fgets($f));
 fclose($f);
- $entered_hash = hash('sha512', $_POST['password']);
+ $entered_hash = $_POST['password'];
+ for ($i=0; $i<1000; $i++)
+ $entered_hash = hash('sha512', $entered_hash . $i . $_POST['password']);
 if ($saved_hash != $entered_hash) {
 print 'Wrong password: ' . $entered_hash . '
' . "\n";
 return;
-- 
cgit v1.2.3-54-g00ecf
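Review bot: The added loop hand-rolls key stretching with 1000 rounds of unsalted SHA-512, which is a low work factor on current hardware and, with no per-password salt, gives identical passwords identical stored values. PHP's built-in password API covers this: store the output of `password_hash($password, PASSWORD_DEFAULT)` in the hash file and replace the three added lines and the comparison with `if (!password_verify($_POST['password'], $saved_hash)) {`, which is salted, tunable and timing-safe. If the chained format has to stay, the context line should at least use `!hash_equals($saved_hash, $entered_hash)` instead of the loose, non-constant-time `!=`. The failure branch also prints `$entered_hash` back to the client, presumably as a debugging aid; it is worth dropping so the derived value is not disclosed on every failed attempt. push_it() starts and ends outside the hunk, so how `$f` is opened and how the stored hash was generated are not visible here.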