import (
"encoding/binary"
+ "golang.org/x/crypto/bcrypt"
+ "log"
)
// User flags are stored as a 2 byte bitmap with the following values:
// DecodeUserString decodes an obfuscated user string from a client
// e.g. 98 8a 9a 8c 8b => "guest"
-func DecodeUserString(encodedString []byte) (decodedString string) {
- for _, char := range encodedString {
- decodedString += string(rune(255 - uint(char)))
+func DecodeUserString(obfuText []byte) (clearText string) {
+ for _, char := range obfuText {
+ clearText += string(rune(255 - uint(char)))
}
- return decodedString
+ return clearText
}
-// Take a []byte of uncoded ascii as input and encode it
-// TODO: change the method signature to take a string and return []byte
-func NegatedUserString(encodedString []byte) string {
- var decodedString string
- for _, char := range encodedString {
- decodedString += string(255 - uint8(char))[1:]
+// negateString takes []byte s containing cleartext and rotates by 255 into obfuscated cleartext.
+// The Hotline protocol uses this format for sending passwords over network.
+// Not secure, but hey, it was the 90s!
+func negateString(clearText []byte) []byte {
+ obfuText := make([]byte, len(clearText))
+ for i := 0; i < len(clearText); i++ {
+ obfuText[i] = 255 - clearText[i]
}
- return decodedString
+ return obfuText
+}
+
+func hashAndSalt(pwd []byte) string {
+ // Use GenerateFromPassword to hash & salt pwd.
+ // MinCost is just an integer constant provided by the bcrypt
+ // package along with DefaultCost & MaxCost.
+ // The cost can be any value you want provided it isn't lower
+ // than the MinCost (4)
+ hash, err := bcrypt.GenerateFromPassword(pwd, bcrypt.MinCost)
+ if err != nil {
+ log.Println(err)
+ }
+ // GenerateFromPassword returns a byte slice so we need to
+ // convert the bytes to a string and return it
+ return string(hash)
}
git.r.bdr.sh / rbdr / mobius / blobdiff