Use yescrypt instead of SHA512 for passwords
Hanno Böck

Hanno Böck commited on 2023-12-13 21:21:37
Zeige 1 geänderte Dateien mit 6 Einfügungen und 1 Löschungen.

@@ -17,7 +17,12 @@ require_once('vendor/autoload.php');
17 17
 
18 18
 function gen_pw_hash($password)
19 19
 {
20
-    $pwhash = crypt($password, '$6$' . random_string(6));
20
+    /* For yescrypt, a 128 bit salt in non-standard base64 is
21
+       needed. We just need random data with valid encoding. */
22
+    $salt = base64_encode(random_bytes(16));
23
+    $salt = rtrim($salt, "=");
24
+    $salt = strtr($salt, "AQgw+/01", "./01AQgw");
25
+    $pwhash = crypt($password, '$y$j9T$' . $salt);
21 26
     if (strlen($pwhash) < 13) {
22 27
         /* returns a string shorter than 13 chars on failure */
23 28
         system_failure("Failed to calculate password hash!");
24 29