Skip to content

Added PBKDF2 (300000 iterations) hashing support in addition to SHA256 #27 #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Added PBKDF2 (300000 iterations) hashing support in addition to SHA256 #27 #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
fc4df88
Added button to hide passphrase so they are not displayed as plaintex…
ychin Oct 29, 2013
2c043e4
Added PBKDF2 support (right now using 100000 iterations) for more sec…
ychin Oct 29, 2013
39bf3d0
Cleaned up CryptoJS commented out code.
ychin Oct 29, 2013
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion index.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
<script src="js/tx.js"></script>
<script src="js/bitcoinsig.js"></script>
<script src="js/brainwallet.js"></script>
<script src="http://crypto.stanford.edu/sjcl/sjcl.js"></script> <!-- figure out license for this for redistribution since this is BSD rather than the public domain license this is using -->
</head>
<body onclick="rng_seed_time();" onkeypress="rng_seed_time();">
<header class="navbar navbar-inverse navbar-fixed-top">
Expand Down Expand Up @@ -74,8 +75,12 @@
<div class="form-group">
<label class="col-lg-2 control-label" for="pass">Passphrase</label>
<div class="col-lg-10 controls">
<div class="input-append">
<div class="input-group">
<input class="form-control" id="pass" type="text" />
<div class="input-group-btn">
<button class="btn btn-default" id="secureHash" title="Choose 'Secure' to use PBKDF2 for a more secure hash" type="button">Use Secure</button>
<button class="btn btn-default" id="hidePassphrase" title="Show/Hide Passphrase" type="button">Hide</button>
</div>
</div>
</div>
</div>
Expand Down
66 changes: 61 additions & 5 deletions js/brainwallet.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@
var gen_eckey = null;
var gen_pt = null;
var gen_ps_reset = false;
var hash_method = 'sha256';
var pbkdf2_iteration = 100000;
var TIMEOUT = 600;
var timeout = null;

Expand Down Expand Up @@ -136,6 +138,39 @@
}
}

function toggleSecureHash() {
if (hash_method == 'sha256') {
hash_method = 'pbkdf2';
$('#from_pass').parent().attr('title', 'PBKDF2 (' + pbkdf2_iteration + ' iterations)');
$('#secureHash').html('Use Normal');
}
else {
hash_method = 'sha256';
$('#from_pass').parent().attr('title', 'Single SHA256');
$('#secureHash').html('Use Secure');
}

$('#pass').focus();
gen_from = 'pass';
$('#from_pass').click();
update_gen();

calc_hash();
generate();
}

function showHidePassphrase() {
var pass = $('#pass');
if (pass.attr('type') == 'password') {
pass.attr('type', 'text');
$('#hidePassphrase').html('Hide');
}
else {
pass.attr('type', 'password');
$('#hidePassphrase').html('Show');
}
}

function genRandom() {
$('#pass').val('');
$('#hash').focus();
Expand Down Expand Up @@ -267,14 +302,33 @@


function calc_hash() {
var hash = Crypto.SHA256($('#pass').val(), { asBytes: true });
$('#hash').val(Crypto.util.bytesToHex(hash));
if (hash_method == 'sha256') {
var hash = Crypto.SHA256($('#pass').val(), { asBytes: true });
$('#hash').val(Crypto.util.bytesToHex(hash));
}
else { // 'pbkdf2'
var passphrase = $('#pass').val();

var salt = sjcl.hash.sha256.hash('brainwallet'); // not ideal as we have a global shared salt but nothing we can do here since we don't have extra stored per-user info. The user really needs to manually salt their password with custom information.
var pbkdf2Hash = sjcl.misc.pbkdf2(passphrase, salt, pbkdf2_iteration, 256);
var hashString = sjcl.codec.hex.fromBits(pbkdf2Hash);
$('#hash').val(hashString);
}
}

function onChangePass() {
calc_hash();
clearTimeout(timeout);
timeout = setTimeout(generate, TIMEOUT);
if (hash_method == 'sha256') {
calc_hash();
clearTimeout(timeout);
timeout = setTimeout(generate, TIMEOUT);
}
else { // hash is too slow, just do it before we generate
clearTimeout(timeout);
timeout = setTimeout(function() {
calc_hash();
generate();
}, TIMEOUT);
}
}

function onChangeHash() {
Expand Down Expand Up @@ -1184,6 +1238,8 @@
onInput('#hash', onChangeHash);
onInput('#sec', onChangePrivKey);

$('#secureHash').click(toggleSecureHash);
$('#hidePassphrase').click(showHidePassphrase);
$('#genRandom').click(genRandom);

$('#gen_from label input').on('change', update_gen_from );
Expand Down