sascha/esphome
1
0
Fork 0
mirror of https://github.com/esphome/esphome.git synced 2025-10-30 22:53:59 +00:00
Code Issues Releases Wiki Activity

Fix hmac with non-ASCII passwords

Browse Source
This commit is contained in:
Otto Winter
2018-06-07 21:52:41 +02:00
parent 7b630bfb8b
commit e063f2aaea
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
esphomeyaml/dashboard/dashboard.py
View File

@@ -236,7 +236,7 @@ def start_web_server(args):
PASSWORD = js.get('password') or PASSWORD PASSWORD = js.get('password') or PASSWORD
if PASSWORD: if PASSWORD:
PASSWORD = hmac.new(PASSWORD).digest() PASSWORD = hmac.new(str(PASSWORD)).digest()
# Use the digest of the password as our cookie secret. This makes sure the cookie # Use the digest of the password as our cookie secret. This makes sure the cookie
# isn't too short. It, of course, enables local hash brute forcing (because the cookie # isn't too short. It, of course, enables local hash brute forcing (because the cookie
# secret can be brute forced without making requests). But the hashing algorithm used # secret can be brute forced without making requests). But the hashing algorithm used