author | Toshiaki Asai <toshi.alternative@gmail.com> | 2016-08-07 09:40:16 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-10-26 14:14:57 +0900 |
commit | 821559d0ebbc08c089147822b5be0dfa6ebdda9a (patch) | |
tree | 9d76886aaf58fa188459fa1ee86fcb66a39edd59 | |
parent | a1da659923404c90dc90ff1bc5e12d9a1afa975d (diff) | |
download | mikutter-821559d0ebbc08c089147822b5be0dfa6ebdda9a.tar.gz |
アカウント情報を暗号化するキーの長さが誤っている refs #842
-rw-r--r-- | core/service_keeper.rb | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/core/service_keeper.rb b/core/service_keeper.rb index cdf18faf..6506d27c 100644 --- a/core/service_keeper.rb +++ b/core/service_keeper.rb @@ -10,12 +10,14 @@ class Service module SaveData ACCOUNT_FILE = File.join(Environment::SETTINGDIR, 'core', 'token').freeze ACCOUNT_TMP = (ACCOUNT_FILE + ".write").freeze + ACCOUNT_CRYPT_KEY_LEN = 16 extend SaveData @@service_lock = Monitor.new def key - UserConfig[:account_crypt_key] ||= SecureRandom.hex end + key = UserConfig[:account_crypt_key] ||= SecureRandom.random_bytes(ACCOUNT_CRYPT_KEY_LEN) + key[0, ACCOUNT_CRYPT_KEY_LEN] end # 全てのアカウント情報をオブジェクトとして返す # ==== Return @@ -113,6 +115,7 @@ class Service def encrypt(str) cipher = OpenSSL::Cipher.new('bf-ecb').encrypt + cipher.key_len = ACCOUNT_CRYPT_KEY_LEN cipher.key = key cipher.update(str) << cipher.final end |
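Review bot: In `key`, `key[0, ACCOUNT_CRYPT_KEY_LEN]` slices by characters rather than bytes, so a stored value that comes back from UserConfig tagged with a multibyte encoding could yield more than 16 bytes; `key.byteslice(0, ACCOUNT_CRYPT_KEY_LEN)` pins the length in bytes. The truncation also means a key previously generated by `SecureRandom.hex` is cut to 16 hex characters, which is about 64 bits of entropy, while only newly generated keys get the full 128 bits from `random_bytes`. A comment such as `# legacy hex keys are truncated to 16 chars and carry only ~64 bits of entropy` would record that, and re-keying existing installs would close the gap. Whether UserConfig round-trips a binary string unchanged is not visible in this hunk and is worth confirming.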
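Review bot: `cipher.key_len` is set in `encrypt` only; the four insertions in the diffstat are all accounted for by these two hunks, so any decrypt counterpart lies outside the diff and presumably still relies on the cipher's default key length. Setting `cipher.key_len = ACCOUNT_CRYPT_KEY_LEN` there as well would tie both directions to the same constant. Separately, the unchanged `bf-ecb` mode gives no integrity protection and encrypts equal 8-byte blocks to equal ciphertext, so a comment on `encrypt` such as `# ECB, unauthenticated: obfuscates the token file, does not detect tampering` would set expectations. Moving to an authenticated mode would need a migration of existing account files.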