normalize passwords

Kyle Spearrin 2018-03-09 22:29:59 -05:00
parent f2b202c714
commit e3eeaddb3e
2 changed files with 20 additions and 29 deletions


@ -6478,17 +6478,17 @@ namespace Bit.Android
// aapt resource value: 0x7f090051
public const int ApplicationName = 2131296337;
// aapt resource value: 0x7f0900b2
public const int AutoFillServiceDescription = 2131296434;
// aapt resource value: 0x7f0900ab
public const int AutoFillServiceDescription = 2131296427;
// aapt resource value: 0x7f0900b1
public const int AutoFillServiceSummary = 2131296433;
// aapt resource value: 0x7f0900aa
public const int AutoFillServiceSummary = 2131296426;
// aapt resource value: 0x7f090050
public const int Hello = 2131296336;
// aapt resource value: 0x7f0900b3
public const int MyVault = 2131296435;
// aapt resource value: 0x7f0900ac
public const int MyVault = 2131296428;
// aapt resource value: 0x7f090027
public const int abc_action_bar_home_description = 2131296295;
@ -6643,27 +6643,6 @@ namespace Bit.Android
// aapt resource value: 0x7f09000f
public const int common_signin_button_text_long = 2131296271;
// aapt resource value: 0x7f0900ac
public const int default_web_client_id = 2131296428;
// aapt resource value: 0x7f0900ad
public const int firebase_database_url = 2131296429;
// aapt resource value: 0x7f0900aa
public const int gcm_defaultSenderId = 2131296426;
// aapt resource value: 0x7f0900ae
public const int google_api_key = 2131296430;
// aapt resource value: 0x7f0900ab
public const int google_app_id = 2131296427;
// aapt resource value: 0x7f0900af
public const int google_crash_reporting_api_key = 2131296431;
// aapt resource value: 0x7f0900b0
public const int google_storage_bucket = 2131296432;
// aapt resource value: 0x7f090052
public const int hockeyapp_crash_dialog_app_name_fallback = 2131296338;


@ -424,7 +424,7 @@ namespace Bit.App.Services
throw new ArgumentNullException(nameof(salt));
}
var passwordBytes = Encoding.UTF8.GetBytes(password);
var passwordBytes = Encoding.UTF8.GetBytes(NormalizePassword(password));
var saltBytes = Encoding.UTF8.GetBytes(salt);
var keyBytes = _keyDerivationService.DeriveKey(passwordBytes, saltBytes, 5000);
@ -449,7 +449,7 @@ namespace Bit.App.Services
throw new ArgumentNullException(nameof(password));
}
var passwordBytes = Encoding.UTF8.GetBytes(password);
var passwordBytes = Encoding.UTF8.GetBytes(NormalizePassword(password));
var hash = _keyDerivationService.DeriveKey(key.Key, passwordBytes, 1);
return hash;
}
@ -465,5 +465,17 @@ namespace Bit.App.Services
var bytes = Crypto.RandomBytes(512 / 8);
return Encrypt(bytes, key);
}
// Some users like to copy/paste passwords from external files. Sometimes this can lead to two different
// values on mobiles apps vs the web. For example, on Android an EditText will accept a new line character
// (\n), whereas whenever you paste a new line character on the web in a HTML input box it is converted
// to a space ( ). Normalize those values so that they are the same on all platforms.
private string NormalizePassword(string password)
{
return password
.Replace("\r\n", " ") // Windows-style new line => space
.Replace("\n", " ") // New line => space
.Replace(" ", " "); // No-break space (00A0) => space
}
}
}
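Review bot: In `NormalizePassword` the no-break space in the last `Replace` call is a literal character that cannot be told apart from an ordinary space when reading the diff, and an editor or formatter that rewrites it would silently turn the call into a no-op; writing it as `.Replace("\u00A0", " ")` keeps the intent verifiable. The helper covers only `\r\n`, `\n` and U+00A0, so a lone `\r` and composed versus decomposed Unicode forms still produce different UTF-8 bytes per platform; the comment above the method should say that only these three cases are handled. Both call sites feed `_keyDerivationService.DeriveKey` (their enclosing methods start outside the hunks), so a password that was previously hashed with a raw newline or U+00A0 would now derive a different key. The visible hunks show no fallback to the un-normalized value for that case, which is worth confirming before release.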