From 12ada83027694f799d6ee5caddb00f5ffe1b4d8d Mon Sep 17 00:00:00 2001
From: Jon Bergli Heier <snakebite@jvnv.net>
Date: Tue, 15 Feb 2011 23:46:03 +0100
Subject: Use sha1 instead of md5.

---
 fbin.py             | 8 ++++----
 templates/help.tmpl | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/fbin.py b/fbin.py
index 9a1a4df..507512e 100755
--- a/fbin.py
+++ b/fbin.py
@@ -85,7 +85,7 @@ class Application(object):
 		finally:
 			session.close()
 
-		digest = hashlib.md5(str(uid) + user.password).hexdigest()
+		digest = hashlib.sha1(str(uid) + user.password).hexdigest()
 		return user if (digest == identifier) else None
 
 	def file(self, environ, start_response, path):
@@ -143,7 +143,7 @@ class Application(object):
 			}))
 
 		username = form.getvalue('username')
-		password = hashlib.md5(form.getvalue('password')).hexdigest()
+		password = hashlib.sha1(form.getvalue('password')).hexdigest()
 
 		user = self.get_user(username, password)
 
@@ -156,7 +156,7 @@ class Application(object):
 
 		c = Cookie.SimpleCookie()
 		c['uid'] = user.id
-		c['identifier'] = hashlib.md5(str(user.id) + password).hexdigest()
+		c['identifier'] = hashlib.sha1(str(user.id) + password).hexdigest()
 
 		dt = datetime.datetime.utcnow() + datetime.timedelta(days = 30)
 		expires = dt.strftime('%a, %d-%b-%y %H:%M:%S GMT')
@@ -187,7 +187,7 @@ class Application(object):
 				'error': 'Passwords doesn\'t match',
 			}))
 
-		user = self.add_user(username, hashlib.md5(password).hexdigest())
+		user = self.add_user(username, hashlib.sha1(password).hexdigest())
 		if not user:
 			start_response('200 OK', [('Content-Type', 'text/html')])
 			return str(templates.register(searchList = {
diff --git a/templates/help.tmpl b/templates/help.tmpl
index 48d12bc..95748f5 100644
--- a/templates/help.tmpl
+++ b/templates/help.tmpl
@@ -3,7 +3,7 @@
 #extends templates.base
 #def content
 		<p>Usage: POST to <a href="$scheme://$host/u">$scheme://$host/u</a> with filedata given to "file" and original filename to "filename".
-		Login is sent by cookies with user id in "uid" and an identifier which is md5(uid+md5(password)).</p>
+		Login is sent by cookies with user id in "uid" and an identifier which is sha1(uid+sha1(password)).</p>
 		<p>cURL example:
 		<code>curl -b 'uid=42; identifier=3858f62230ac3c915f300c664312c63f' -F 'file=@image.png' -F 'filename=image.png' http://myhost/u</code>
 		Here user id is 42 and the password is "foobar".</p>
-- 
cgit v1.2.3