diff --git a/deluge/core/rpcserver.py b/deluge/core/rpcserver.py index 76177ed1f..d7f07e348 100644 --- a/deluge/core/rpcserver.py +++ b/deluge/core/rpcserver.py @@ -528,10 +528,10 @@ def generate_ssl_keys(): """ This method generates a new SSL key/cert. """ - digest = "md5" + digest = "sha256" # Generate key pair pkey = crypto.PKey() - pkey.generate_key(crypto.TYPE_RSA, 1024) + pkey.generate_key(crypto.TYPE_RSA, 2048) # Generate cert request req = crypto.X509Req() @@ -544,7 +544,7 @@ def generate_ssl_keys(): cert = crypto.X509() cert.set_serial_number(0) cert.gmtime_adj_notBefore(0) - cert.gmtime_adj_notAfter(60 * 60 * 24 * 365 * 5) # Five Years + cert.gmtime_adj_notAfter(60 * 60 * 24 * 365 * 3) # Three Years cert.set_issuer(req.get_subject()) cert.set_subject(req.get_subject()) cert.set_pubkey(req.get_pubkey()) diff --git a/deluge/ui/web/auth.py b/deluge/ui/web/auth.py index 57bccbec6..5ede83fde 100644 --- a/deluge/ui/web/auth.py +++ b/deluge/ui/web/auth.py @@ -9,7 +9,7 @@ import hashlib import logging -import random +import os import time from datetime import datetime, timedelta from email.utils import formatdate @@ -108,11 +108,8 @@ class Auth(JSONComponent): only for future use currently. :type login: string """ - m = hashlib.md5() - m.update(login) - m.update(str(time.time())) - m.update(str(random.getrandbits(40))) - m.update(m.hexdigest()) + m = hashlib.sha256() + m.update(os.urandom(32)) session_id = m.hexdigest() config = component.get("DelugeWeb").config @@ -248,7 +245,7 @@ class Auth(JSONComponent): :type new_password: string """ log.debug("Changing password") - salt = hashlib.sha1(str(random.getrandbits(40))).hexdigest() + salt = hashlib.sha1(os.urandom(32)).hexdigest() s = hashlib.sha1(salt) s.update(utf8_encoded(new_password)) config = component.get("DelugeWeb").config
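Review bot: Nothing in the first hunk of `generate_ssl_keys` replaces key material that already exists, so the move to `sha256` and 2048-bit RSA probably reaches only fresh installs. Whether the caller regenerates an older 1024-bit, MD5-signed pair cannot be seen from here, and the function body continues outside the hunk. I would record the limitation next to the new values, for example `# Applies to newly generated keys only; an existing key/cert pair must be regenerated to get RSA-2048 with SHA-256.`, and repeat it in the release notes.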
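Review bot: The context line `cert.set_serial_number(0)` in the second rpcserver.py hunk still gives every generated certificate the same serial, and the issuer is set to the certificate's own subject two lines later. Each regenerated certificate therefore repeats the issuer/serial pair of the previous one, which some TLS clients treat as an error, and the shorter three-year lifetime makes regeneration more frequent. A random positive serial avoids this, for example `cert.set_serial_number(int(binascii.hexlify(os.urandom(16)), 16))`, assuming `os` and `binascii` are imported in this module (the import block is not visible). The function continues past the end of the hunk.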
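Review bot: The SHA-256 pass in the session-id hunk of auth.py adds no entropy, because the only input is `os.urandom(32)`; the digest just hex-encodes 32 bytes from the OS CSPRNG. A reader may assume the hash is part of the security argument, so I would say so in place: `# Session id is 32 bytes from os.urandom; sha256 only serves as a fixed-length hex encoding.`. The id also grows from 32 to 64 hex characters, so any code outside this hunk that slices or length-checks the session cookie should be checked. The enclosing method starts and ends outside the hunk.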
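Review bot: The password itself is still stored as a single salted SHA-1 round in the last auth.py hunk (`s = hashlib.sha1(salt)` followed by `s.update(utf8_encoded(new_password))`), so the stronger salt does little against offline guessing if the web config file leaks. A deliberately slow derivation would address that, e.g. `hashlib.pbkdf2_hmac("sha256", utf8_encoded(new_password), salt, ITERATIONS)` with `ITERATIONS` as a placeholder for a project-chosen work factor, where the interpreter's `hashlib` provides it. The verification path and the stored format are outside this hunk and would need a matching change plus a way to recognise old SHA-1 entries.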