From 4074b22da72f95ff1b3b2477e6633c94d855e57a Mon Sep 17 00:00:00 2001 From: Guillaume Vincent Date: Sun, 7 Feb 2016 14:16:26 +0100 Subject: [PATCH] fix error in password generator with counter --- app/lesspass.js | 4 ++-- tests/lesspass.tests.js | 46 ++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 44 insertions(+), 6 deletions(-) diff --git a/app/lesspass.js b/app/lesspass.js index 432460f..477ac13 100644 --- a/app/lesspass.js +++ b/app/lesspass.js @@ -22,8 +22,8 @@ export default class lesspass { }); } - static _createHash(masterPassword, {site, password={length: 12}, counter=1}) { - var salt = site + counter.toString(); + static _createHash(masterPassword, {site, password={length: 12, counter: 1}}) { + var salt = site + password.counter.toString(); var hash = crypto.createHmac('sha256', masterPassword).update(salt).digest('hex'); return hash.substring(0, password.length); } diff --git a/tests/lesspass.tests.js b/tests/lesspass.tests.js index d98fe93..2888e84 100644 --- a/tests/lesspass.tests.js +++ b/tests/lesspass.tests.js @@ -27,6 +27,29 @@ describe('LessPass', ()=> { }; assert.equal('Vexu8[Syce4&', Lesspass.createPassword(masterPassword, entry)); }); + it('should create 2 passwords different if counter different', function () { + var masterPassword = "password"; + var entry = { + site: 'facebook', + password: { + length: 14, + settings: ['lowercase', 'uppercase', 'numbers', 'symbols'], + counter: 1 + } + }; + var entry2 = { + site: 'facebook', + password: { + length: 14, + settings: ['lowercase', 'uppercase', 'numbers', 'symbols'], + counter: 2 + } + }; + assert.notEqual( + Lesspass.createPassword(masterPassword, entry), + Lesspass.createPassword(masterPassword, entry2) + ); + }); it('should create master password with pbkdf2 (8192 iterations and sha 256)', (done)=> { var email = 'test@lesspass.com'; var password = "password"; @@ -59,7 +82,8 @@ describe('LessPass', ()=> { var entry = { site: 'facebook', password: { - length: 10 + length: 10, + counter: 1 } }; assert.equal(10, Lesspass._createHash(masterPassword, entry).length); @@ -75,11 +99,25 @@ describe('LessPass', ()=> { }); it('should return two different passwords if counter different', ()=> { var masterPassword = 'password'; - var old_entry = {site: 'facebook'}; - var entry = {site: 'facebook', 'counter': 2}; + var entry = { + site: 'facebook', + password: { + length: 14, + settings: ['lowercase', 'uppercase', 'numbers', 'symbols'], + counter: 1 + } + }; + var entry2 = { + site: 'facebook', + password: { + length: 14, + settings: ['lowercase', 'uppercase', 'numbers', 'symbols'], + counter: 2 + } + }; assert.notEqual( Lesspass._createHash(masterPassword, entry), - Lesspass._createHash(masterPassword, old_entry) + Lesspass._createHash(masterPassword, entry2) ); }); });