Commit 6007482d authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

use urlsafe_b64 instead of b32 for even shorter key but still url safe.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@43863 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent c6ca20a1
...@@ -56,7 +56,7 @@ from Products.ERP5Security.ERP5UserManager import ERP5UserManager,\ ...@@ -56,7 +56,7 @@ from Products.ERP5Security.ERP5UserManager import ERP5UserManager,\
_AuthenticationFailure _AuthenticationFailure
from Crypto.Cipher import AES from Crypto.Cipher import AES
from base64 import b32decode, b32encode from base64 import urlsafe_b64decode, urlsafe_b64encode
class AESCipher: class AESCipher:
mode = AES.MODE_CFB mode = AES.MODE_CFB
...@@ -67,11 +67,11 @@ class AESCipher: ...@@ -67,11 +67,11 @@ class AESCipher:
def encrypt(self, login): def encrypt(self, login):
encryptor = AES.new(self.encryption_key, self.mode) encryptor = AES.new(self.encryption_key, self.mode)
return b32encode(encryptor.encrypt(login.ljust(((len(login)-1)/16+1)*16))) return urlsafe_b64encode(encryptor.encrypt(login.ljust(((len(login)-1)/16+1)*16)))
def decrypt(self, crypted_login): def decrypt(self, crypted_login):
decryptor = AES.new(self.encryption_key, self.mode) decryptor = AES.new(self.encryption_key, self.mode)
return decryptor.decrypt(b32decode(crypted_login)).rstrip() return decryptor.decrypt(urlsafe_b64decode(crypted_login)).rstrip()
# This cipher is weak. Do not use. # This cipher is weak. Do not use.
class CesarCipher: class CesarCipher:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment