
fix(postinst): thorough audit - fix argon2 salt and verify all password generation logic (#57)

This commit is contained in:
Draco-Lunaris-Echo
2026-06-09 09:10:31 -05:00
committed by GitHub
parent 0c0f952f7f
commit 592ff6a7ee

5
debian/postinst vendored

@ -207,8 +207,11 @@ generate_admin_password() {
admin_password=$(openssl rand -base64 32 | tr -dc 'A-Za-z0-9!@#%^&*' | head -c 24) admin_password=$(openssl rand -base64 32 | tr -dc 'A-Za-z0-9!@#%^&*' | head -c 24)
# Hash with argon2 (PHC format, compatible with the application) # Hash with argon2 (PHC format, compatible with the application)
# Generate a random 16-character salt (argon2 requires minimum 8 characters)
local admin_salt
admin_salt=$(openssl rand -base64 24 | tr -dc 'A-Za-z0-9' | head -c 16)
local password_hash local password_hash
password_hash=$(echo -n "${admin_password}" | argon2 salt -id -t 3 -m 16 -p 1 -l 32 -e) password_hash=$(echo -n "${admin_password}" | argon2 "${admin_salt}" -id -t 3 -m 16 -p 1 -l 32 -e)
# Update admin user password in database # Update admin user password in database
# Only update if the placeholder hash is still present # Only update if the placeholder hash is still present