bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-14 15:23:33 +00:00
Code Issues Releases Wiki Activity

Use 2 iterations for local password hashing (#404)

Browse Source 
* Use 2 iterations for local password hashing

* fix typo
This commit is contained in:
Thomas Rittson
2021-06-09 14:24:31 -07:00
committed by GitHub
parent 5ba1416679
commit 8797924bd1
8 changed files with 51 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
angular/src/components/export.component.ts
View File

@@ -9,7 +9,9 @@ import { EventService } from 'jslib-common/abstractions/event.service';
import { ExportService } from 'jslib-common/abstractions/export.service';
import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
import { EventType } from 'jslib-common/enums/eventType';
import { HashPurpose } from 'jslib-common/enums/hashPurpose';
@Directive()
export class ExportComponent {
@@ -40,7 +42,7 @@ export class ExportComponent {
return;
}
const keyHash = await this.cryptoService.hashPassword(this.masterPassword, null);
const keyHash = await this.cryptoService.hashPassword(this.masterPassword, null, HashPurpose.LocalAuthorization);
const storedKeyHash = await this.cryptoService.getKeyHash();
if (storedKeyHash != null && keyHash != null && storedKeyHash === keyHash) {
try {

15
angular/src/components/lock.component.ts
View File

@@ -21,6 +21,8 @@ import { PasswordVerificationRequest } from 'jslib-common/models/request/passwor
import { Utils } from 'jslib-common/misc/utils';
import { HashPurpose } from 'jslib-common/enums/hashPurpose';
@Directive()
export class LockComponent implements OnInit {
masterPassword: string = '';
@@ -110,22 +112,25 @@ export class LockComponent implements OnInit {
}
} else {
const key = await this.cryptoService.makeKey(this.masterPassword, this.email, kdf, kdfIterations);
const keyHash = await this.cryptoService.hashPassword(this.masterPassword, key);
const localKeyHash = await this.cryptoService.hashPassword(this.masterPassword, key,
HashPurpose.LocalAuthorization);
let passwordValid = false;
if (keyHash != null) {
if (localKeyHash != null) {
const storedKeyHash = await this.cryptoService.getKeyHash();
if (storedKeyHash != null) {
passwordValid = storedKeyHash === keyHash;
passwordValid = storedKeyHash === localKeyHash;
} else {
const request = new PasswordVerificationRequest();
request.masterPasswordHash = keyHash;
const serverKeyHash = await this.cryptoService.hashPassword(this.masterPassword, key,
HashPurpose.ServerAuthorization);
request.masterPasswordHash = serverKeyHash;
try {
this.formPromise = this.apiService.postAccountVerifyPassword(request);
await this.formPromise;
passwordValid = true;
await this.cryptoService.setKeyHash(keyHash);
await this.cryptoService.setKeyHash(localKeyHash);
} catch { }
}
}

6
angular/src/components/set-password.component.ts
View File

@@ -22,6 +22,7 @@ import { SetPasswordRequest } from 'jslib-common/models/request/setPasswordReque
import { ChangePasswordComponent as BaseChangePasswordComponent } from './change-password.component';
import { HashPurpose } from 'jslib-common/enums/hashPurpose';
import { KdfType } from 'jslib-common/enums/kdfType';
@Directive()
@@ -86,10 +87,13 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
await this.userService.setInformation(await this.userService.getUserId(), await this.userService.getEmail(),
this.kdf, this.kdfIterations);
await this.cryptoService.setKey(key);
await this.cryptoService.setKeyHash(masterPasswordHash);
await this.cryptoService.setEncKey(encKey[1].encryptedString);
await this.cryptoService.setEncPrivateKey(keys[1].encryptedString);
const localKeyHash = await this.cryptoService.hashPassword(this.masterPassword, key,
HashPurpose.LocalAuthorization);
await this.cryptoService.setKeyHash(localKeyHash);
if (this.onSuccessfulChangePassword != null) {
this.onSuccessfulChangePassword();
} else {