From 896bc6cd464c4e2807a6751bd2de8039bbe1fc63 Mon Sep 17 00:00:00 2001
From: Kent Shikama
Date: Wed, 6 Jul 2016 12:17:54 +0900
Subject: [PATCH 1/2] Update hash_password script
Signed-off-by: Kent Shikama
---
 scripts/hash_password | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/scripts/hash_password b/scripts/hash_password
index e78460098..215ab25cf 100755
--- a/scripts/hash_password
+++ b/scripts/hash_password
@@ -1,10 +1,16 @@
 #!/usr/bin/env python
 import argparse
+
+import sys
+
 import bcrypt
 import getpass
+import yaml
+
 bcrypt_rounds=12
+password_pepper = ""
 def prompt_for_pass():
 password = getpass.getpass("Password: ")
@@ -28,12 +34,22 @@ if __name__ == "__main__":
 default=None,
 help="New password for user. Will prompt if omitted.",
 )
+ parser.add_argument(
+ "-c", "--config",
+ type=argparse.FileType('r'),
+ help="Path to server config file. Used to read in bcrypt_rounds and password_pepper.",
+ )
 args = parser.parse_args()
+ if "config" in args and args.config:
+ config = yaml.safe_load(args.config)
+ bcrypt_rounds = config.get("bcrypt_rounds", bcrypt_rounds)
+ password_config = config.get("password_config", {})
+ password_pepper = password_config.get("pepper", password_pepper)
 password = args.password
 if not password:
 password = prompt_for_pass()
- print bcrypt.hashpw(password, bcrypt.gensalt(bcrypt_rounds))
+ print bcrypt.hashpw(password + password_pepper, bcrypt.gensalt(bcrypt_rounds))
From 8d9a884cee0b3ee5b18b0d037592bb9e5c3ae943 Mon Sep 17 00:00:00 2001
From: Kent Shikama
Date: Wed, 6 Jul 2016 12:18:19 +0900
Subject: [PATCH 2/2] Update password config comment
Signed-off-by: Kent Shikama
---
 synapse/config/password.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/synapse/config/password.py b/synapse/config/password.py
index 66f0d93ee..a4bd17139 100644
--- a/synapse/config/password.py
+++ b/synapse/config/password.py
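Review bot: The new `import sys` at the top of scripts/hash_password is not used by anything in the visible hunks, so unless the part of the script between the two hunks needs it, the line can be dropped. The new module-level default would also read better with a one-line comment, for example `# Appended to the password before hashing; read from password_config.pepper when --config is given`. prompt_for_pass continues past the end of this hunk.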
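Review bot: The config block added after `parser.parse_args()` in scripts/hash_password assumes both lookups return mappings: `yaml.safe_load` returns `None` for an empty file, and `config.get("password_config", {})` returns `None` when the key is present with no value, so either case ends in an `AttributeError` rather than a usable message. `config = yaml.safe_load(args.config) or {}` and `password_config = config.get("password_config") or {}` keep the defaults in those cases. Two things deserve a comment next to the final `hashpw` call: bcrypt uses at most the first 72 bytes of its input, so with `password + password_pepper` a long password leaves little or none of the pepper in the hash, and a hash produced without `--config` uses an empty pepper and presumably will not verify on a server that has one set. The `if __name__ == "__main__":` block starts before this hunk.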
@@ -30,7 +30,7 @@ class PasswordConfig(Config):
 # Enable password for login.
 password_config:
 enabled: true
- # Change to a secret random string.
+ # Uncomment and change to a secret random string for extra security.
 # DO NOT CHANGE THIS AFTER INITIAL SETUP!
 #pepper: ""
 """