From 201a04ffb9dddadbd7be2fc587057017426ace2e Mon Sep 17 00:00:00 2001
From: Kevin Morris
Date: Fri, 25 Jun 2021 16:17:38 -0700
Subject: [PATCH] gendummydata: employ a salted hash for users

As of Python updates, we are no longer considering rows with empty salts to be legacy hashes. Update gendummydata.py to generate salts for the legacy passwords it uses with salt rounds = 4.

Signed-off-by: Kevin Morris
---
 schema/gendummydata.py | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/schema/gendummydata.py b/schema/gendummydata.py
index 35805d6c..11f2838a 100755
--- a/schema/gendummydata.py
+++ b/schema/gendummydata.py
@@ -16,6 +16,8 @@ import random
 import sys
 import time

+import bcrypt
+
 LOG_LEVEL = logging.DEBUG # logging level. set to logging.INFO to reduce output
 SEED_FILE = "/usr/share/dict/words"
 USER_ID = 5 # Users.ID of first bogus user
@@ -182,11 +184,17 @@ for u in user_keys:
 #
 pass

+ # For dummy data, we just use 4 salt rounds.
+ salt = bcrypt.gensalt(rounds=4).decode()
+
+ # "{salt}{username}"
+ to_hash = f"{salt}{u}"
+
 h = hashlib.new('md5')
- h.update(u.encode())
- s = ("INSERT INTO Users (ID, AccountTypeID, Username, Email, Passwd)"
- " VALUES (%d, %d, '%s', '%s@example.com', '%s');\n")
- s = s % (seen_users[u], account_type, u, u, h.hexdigest())
+ h.update(to_hash.encode())
+ s = ("INSERT INTO Users (ID, AccountTypeID, Username, Email, Passwd, Salt)"
+ " VALUES (%d, %d, '%s', '%s@example.com', '%s', '%s');\n")
+ s = s % (seen_users[u], account_type, u, u, h.hexdigest(), salt)
 out.write(s)

 log.debug("Number of developers: %d" % len(developers))
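Review bot: In the second hunk the comment `# For dummy data, we just use 4 salt rounds.` overstates what `rounds=4` does: `bcrypt.gensalt()` is used only to produce a random salt string, and the value written to `Passwd` is still a single MD5 over `salt + username`, so the rounds setting has no effect on how the hash is computed. I would reword it to something like `# Legacy salted-MD5 row: Passwd = md5(Salt + password), presumably with the username as the dummy password; bcrypt only supplies the random salt string.` so that nobody reads these rows as bcrypt-hashed or copies the pattern outside test data. It is also worth confirming that the `Salt` column is wide enough for the full `gensalt()` string, which the hunk does not show. The enclosing `for u in user_keys:` loop starts above the hunk.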