salt

main.go

@@ -2,11 +2,10 @@ package main
 
 import (
 	"crypto"
-	"crypto/rand"
 	"encoding/base64"
 	"fmt"
-	"io"
 	"log"
+	mrand "math/rand"
 	"net/http"
 	"os"
 	"path"
@@ -186,17 +185,35 @@ func createPasswordEntry(email, password string) string {
 	c := crypto.SHA512.New()
 	c.Write([]byte(password))
 	//	hash := c.Sum(nil)
-	salt := getSalt()
+	salt := RandStringBytesMaskImprSrc(5)
-	s := base64.StdEncoding.EncodeToString(salt)
+
 	str := base64.StdEncoding.EncodeToString([]byte(string(c.Sum(nil)) + string(salt)))
-	return fmt.Sprintf("%s|{SHA512-CRYPT}$6$%s$%s", email, s, str)
+	return fmt.Sprintf("%s|{SHA512-CRYPT}$6$%s$%s", email, salt, str)
 }
 
-func getSalt() []byte {
+const letterBytes = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
-	salt := make([]byte, 10)
+const (
-	_, err := io.ReadFull(rand.Reader, salt)
+	letterIdxBits = 6                    // 6 bits to represent a letter index
-	if err != nil {
+	letterIdxMask = 1<<letterIdxBits - 1 // All 1-bits, as many as letterIdxBits
-		log.Fatal(err)
+	letterIdxMax  = 63 / letterIdxBits   // # of letter indices fitting in 63 bits
+)
+
+// http://stackoverflow.com/questions/22892120/how-to-generate-a-random-string-of-a-fixed-length-in-golang
+func RandStringBytesMaskImprSrc(n int) string {
+	var src = mrand.NewSource(time.Now().UnixNano())
+	b := make([]byte, n)
+	// A src.Int63() generates 63 random bits, enough for letterIdxMax characters!
+	for i, cache, remain := n-1, src.Int63(), letterIdxMax; i >= 0; {
+		if remain == 0 {
+			cache, remain = src.Int63(), letterIdxMax
+		}
+		if idx := int(cache & letterIdxMask); idx < len(letterBytes) {
+			b[i] = letterBytes[idx]
+			i--
+		}
+		cache >>= letterIdxBits
+		remain--
 	}
-	return salt
+
+	return string(b)
 }