Use SHA256 instead of MD5 for the network transfert

2014-05-21 21:38:27 +02:00 · 2014-05-21 21:38:27 +02:00 · 472b4c501b
parent f7b94229b1
commit 472b4c501b
3 changed files with 9 additions and 14 deletions
--- a/glances/core/glances_main.py
+++ b/glances/core/glances_main.py
@ -160,11 +160,11 @@ class GlancesMain(object):
        # Server or client login/password
        args.username = self.username
        if args.password_arg is not None:
-            import hashlib
+            from hashlib import sha256
            # Password is given as an argument
-            # Hash with MD5
-            # Only the MD5 will be transmit on the network
-            args.password = hashlib.md5(args.password_arg).hexdigest()
+            # Hash with SHA256
+            # Only the SHA will be transmit on the network
+            args.password = sha256(args.password_arg).hexdigest()
        elif args.password_prompt:
            # Interactive or file password
            if args.server:
--- a/glances/core/glances_password.py
+++ b/glances/core/glances_password.py
@ -99,7 +99,7 @@ class glancesPassword:

        For Glances client, get the password (confirm=False, clear=True)
        1) From the CLI
-        2) The password is hashed with MD5 (only MD5 string transit thrught the network)
+        2) The password is hashed with SHA256 (only SHA string transit thrught the network)
        """

        if os.path.exists(self.password_filepath) and not clear:
@ -113,11 +113,11 @@ class glancesPassword:

            # password_plain is the password MD5
            # password_hashed is the hashed password
-            password_md5 = hashlib.md5(getpass.getpass(_("Password: "))).hexdigest()
-            password_hashed = self.hash_password(password_md5)
+            password_sha = hashlib.sha256(getpass.getpass(_("Password: "))).hexdigest()
+            password_hashed = self.hash_password(password_sha)
            if confirm:
                # password_confirm is the clear password (only used to compare)
-                password_confirm = hashlib.md5(getpass.getpass(_("Password (confirm): "))).hexdigest()
+                password_confirm = hashlib.sha256(getpass.getpass(_("Password (confirm): "))).hexdigest()

                if not self.check_password(password_hashed, password_confirm):
                    sys.stdout.write(_("[Error] Sorry, but passwords did not match...\n"))
@ -125,7 +125,7 @@ class glancesPassword:

            # Return the clear or hashed password
            if clear:
-                password = password_md5
+                password = password_sha
            else:
                password = password_hashed

--- a/glances/core/glances_server.py
+++ b/glances/core/glances_server.py
@ -22,7 +22,6 @@ import json
 import socket
 import sys
 from base64 import b64decode
-from hashlib import md5
 try:
    from xmlrpc.server import SimpleXMLRPCRequestHandler
    from xmlrpc.server import SimpleXMLRPCServer
@ -83,10 +82,6 @@ class GlancesXMLRPCHandler(SimpleXMLRPCRequestHandler):

            pwd = glancesPassword()

-            # print "Server password: %s" % self.server.user_dict[username]
-            # print "Client password: %s" % password
-            # print "MD5Cli password: %s" % md5(password).hexdigest()
-            # print "check_password:  %s" % pwd.check_password(self.server.user_dict[username], password)
            return pwd.check_password(self.server.user_dict[username], password)
        else:
            return False