Changed to PBKDF2

3 files changed, 26 insertions, 9 deletions

diff --git a/Cont/panel/index.html b/Cont/panel/index.html
index ab607c6..a1a700b 100644
--- a/Cont/panel/index.html
+++ b/Cont/panel/index.html
@@ -32,16 +32,13 @@
 				<textarea name="exceptions" rows="16" style="text-align: left;">\(exceptions\)</textarea>
 				<br>
 				<br>
-				<label for="password">Syötä salasana</label>
-				<input type="password" name="password" id="password" required>
+				<label for="password">Syötä salalause:</label>
+				<input type="password" name="password" id="password" style="text-align: left;" required>
 				<br>
 				<br>
 				<input type="submit" id="send" class="highlight" value="Päivitä">
 				<br>
 				<br>
-				<p>Painikkeen painamisen jälkeen seuraavan sivun latautumisessa kestää, koska serveri käsittelee syötteesi loppuun asti ennen vastaamista, jotta se voi kertoa, onnistuiko päivitys.</p>
-				
-
 			</form>
 			<p>Etkö tahtonutkaan päivittää mitään? Alta pääset takaisin etusivulle.</p>
 			<a class="back" href="/"><img src="/Images/back.png" alt="Takaisin etusivulle"></a>
diff --git a/Functions/pbkdf2promise.js b/Functions/pbkdf2promise.js
new file mode 100644
index 0000000..ac63f43
--- /dev/null
+++ b/Functions/pbkdf2promise.js
@@ -0,0 +1,14 @@
+const crypto  = require('node:crypto');
+
+function pbkdf2(password, salt, iterations, keylen, digest) {
+	return new Promise((resolve, reject) => {
+		crypto.pbkdf2(password, salt, iterations, keylen, digest, (err, res) => {
+			if (err)
+				reject(err);
+			else
+				resolve(res);
+		});
+	});
+}
+
+exports.pbkdf2 = pbkdf2;
diff --git a/server.js b/server.js
index c3155d2..52d580f 100644
--- a/server.js
+++ b/server.js
@@ -9,7 +9,7 @@ const open	= require("./Functions/open.js");
 const strFuncs	= require("./Functions/stringFuncs.js");
 const dateFuncs	= require("./Functions/dateFuncs.js");
 const updateDB  = require("./update.js");
-const { createHash} = require("node:crypto");
+const { pbkdf2 } = require("./Functions/pbkdf2promise.js");
 
 const SHIFTPATH = "../Updation/shifts.txt";
 const CLASSPATH = "../Updation/classes.txt";
@@ -100,9 +100,15 @@ async function init()
 					return;
 				}
 
-				const hashObj = createHash("sha256");
-				hashObj.update(suppliedPassword);
-				let suppliedPassHash = hashObj.digest('hex');
+				
+				let suppliedPassHash = await pbkdf2(
+					suppliedPassword,
+					'salts protect from dictionary attacks, but we will have ~1 password.',
+					10000,
+					64,
+					'sha512',
+				);
+				suppliedPassHash = suppliedPassHash.toString('hex');
 				console.log(suppliedPassHash);
 				let passHashes = await open.file(PASSPATH);
 				passHashes = passHashes.toString('utf-8').split("\n");