aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorToshiaki Asai <toshi.alternative@gmail.com>2016-08-07 09:40:16 +0900
committerKazuki Yamaguchi <k@rhe.jp>2016-10-26 14:14:57 +0900
commit821559d0ebbc08c089147822b5be0dfa6ebdda9a (patch)
tree9d76886aaf58fa188459fa1ee86fcb66a39edd59
parenta1da659923404c90dc90ff1bc5e12d9a1afa975d (diff)
downloadmikutter-821559d0ebbc08c089147822b5be0dfa6ebdda9a.tar.gz
アカウント情報を暗号化するキーの長さが誤っている refs #842
-rw-r--r--core/service_keeper.rb5
1 files changed, 4 insertions, 1 deletions
diff --git a/core/service_keeper.rb b/core/service_keeper.rb
index cdf18faf..6506d27c 100644
--- a/core/service_keeper.rb
+++ b/core/service_keeper.rb
@@ -10,12 +10,14 @@ class Service
module SaveData
ACCOUNT_FILE = File.join(Environment::SETTINGDIR, 'core', 'token').freeze
ACCOUNT_TMP = (ACCOUNT_FILE + ".write").freeze
+ ACCOUNT_CRYPT_KEY_LEN = 16
extend SaveData
@@service_lock = Monitor.new
def key
- UserConfig[:account_crypt_key] ||= SecureRandom.hex end
+ key = UserConfig[:account_crypt_key] ||= SecureRandom.random_bytes(ACCOUNT_CRYPT_KEY_LEN)
+ key[0, ACCOUNT_CRYPT_KEY_LEN] end
# 全てのアカウント情報をオブジェクトとして返す
# ==== Return
@@ -113,6 +115,7 @@ class Service
def encrypt(str)
cipher = OpenSSL::Cipher.new('bf-ecb').encrypt
+ cipher.key_len = ACCOUNT_CRYPT_KEY_LEN
cipher.key = key
cipher.update(str) << cipher.final end