update redlight client module to double hash the room_id with sha256
This commit is contained in:
PC-Admin
parent
004cae2318
commit
d759ca489a
55
notes/hashing.md
Normal file
55
notes/hashing.md
Normal file
@ -0,0 +1,55 @@
|
||||
|
||||
# Hashing room_ids
|
||||
|
||||
|
||||
## Possible Options
|
||||
|
||||
SHA-2 Family: SHA-512, which you mentioned, belongs to this family. Other members include SHA-256, SHA-384, and more. They are widely used and are currently considered secure.
|
||||
|
||||
SHA-3: This is the successor to SHA-2 and was standardized by NIST (U.S. National Institute of Standards and Technology) in 2015. SHA-3 is not a modification of SHA-2 but is derived from a cryptographic primitive called Keccak.
|
||||
|
||||
BLAKE2: An alternative to MD5 and SHA-2/3, it's considered high-speed and secure. There's also a successor, BLAKE3, which is even faster and maintains a high-security level.
|
||||
|
||||
Whirlpool: This is a cryptographic hash function that produces a 512-bit hash. It has undergone a few revisions and is currently considered secure.
|
||||
|
||||
RIPEMD-160: While it produces a shorter hash (160 bits), it's still considered reasonably secure and is used in certain applications like Bitcoin.
|
||||
|
||||
Argon2: Though not a general-purpose hash function like the others, Argon2 is notable as a memory-hard password hashing function. It's designed to be resistant against GPU-based attacks and is the winner of the Password Hashing Competition in 2015.
|
||||
|
||||
|
||||
## Testing
|
||||
```
|
||||
$ time (echo -n '!OEedGOAXDBahPyWMSQ:example.com' | sha512sum | cut -d ' ' -f1 | xargs echo -n | sha512sum)
|
||||
d5e0b4e8ee49f16b353be2320aa998f2973506e0dccfe9d377d460253e9a6b98966d9d959dfa1501a33a7781eb4cc18eab1cbf03ba3c0fbe98979aa5f163abc7 -
|
||||
|
||||
real 0m0.003s
|
||||
user 0m0.004s
|
||||
sys 0m0.002s
|
||||
|
||||
$ time echo -n '!zWTEwEwdqIvmcJpytH:perthchat.org' | sha256sum -b | cut -d ' ' -f1 | xxd -r -p | sha256sum
|
||||
962c56a12d861d1921073916db9a1fb47ccc7887d3199690f1de156e57cac709 -
|
||||
|
||||
real 0m0.002s
|
||||
user 0m0.005s
|
||||
sys 0m0.001s
|
||||
|
||||
$ sudo apt install rhash
|
||||
$ time echo -n '!OEedGOAXDBahPyWMSQ:example.com' | rhash --sha3-512 -
|
||||
1eb131ffdd0384fee5465cb3ef10ac95d9cd20e1de0e1b56475c44df095c20b61602de183f0fc0cec49d7e291d06b5169f0134e45923ab5814c42f57353dbb8b (stdin)
|
||||
|
||||
real 0m0.002s
|
||||
user 0m0.003s
|
||||
sys 0m0.000s
|
||||
|
||||
$ time echo -n '!OEedGOAXDBahPyWMSQ:example.com' | b2sum | cut -d ' ' -f1 | xargs echo -n | b2sum
|
||||
070034bf542d1cb43026b9f51aabbb28243a67cc0a26a23aa2221ff3f185f0a643bb693d39a3525b68d142b4698f3ba755e0eb90c992580376d867aa1ed5d23e -
|
||||
|
||||
real 0m0.003s
|
||||
user 0m0.007s
|
||||
sys 0m0.000s
|
||||
```
|
||||
|
||||
|
||||
## Final Choice
|
||||
|
||||
As sha256sum has shorter output and it supported by Python's built in libraries it seems ideal?
|
||||
60
redlight_client_module.py
Executable file
60
redlight_client_module.py
Executable file
@ -0,0 +1,60 @@
|
||||
import logging
|
||||
import hashlib
|
||||
from typing import Union
|
||||
from synapse.module_api import ModuleApi
|
||||
from synapse.api.errors import AuthError
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
class RedlightClientModule:
|
||||
def __init__(self, config: dict, api: ModuleApi):
|
||||
self._api = api
|
||||
|
||||
# Log a message to indicate the module's initialization
|
||||
logger.info("RedLightClientModule initialized.")
|
||||
|
||||
# Register the spam checker callback
|
||||
api.register_spam_checker_callbacks(
|
||||
user_may_join_room=self.user_may_join_room
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def double_hash_sha256(data: str) -> str:
|
||||
"""
|
||||
Double hash the given data using SHA-256.
|
||||
|
||||
Args:
|
||||
data (str): The data to hash.
|
||||
|
||||
Returns:
|
||||
str: The double-hashed data in hexadecimal format.
|
||||
"""
|
||||
first_hash = hashlib.sha256(data.encode()).digest()
|
||||
double_hashed = hashlib.sha256(first_hash).hexdigest()
|
||||
return double_hashed
|
||||
|
||||
async def user_may_join_room(
|
||||
self, user: str, room: str, is_invited: bool
|
||||
) -> Union["synapse.module_api.NOT_SPAM", "synapse.module_api.errors.Codes"]:
|
||||
|
||||
# Log the event of a user trying to join a room
|
||||
logger.info(f"User {user} is attempting to join room {room}. Invitation status: {is_invited}.")
|
||||
|
||||
# Here's how you can use the double hashing function:
|
||||
hashed_room_id = self.double_hash_sha256(room)
|
||||
logger.info(f"Double hashed room ID: {hashed_room_id}")
|
||||
|
||||
# Log the desired message
|
||||
logger.info("Hello World!")
|
||||
|
||||
# Raise an AuthError to indicate the operation is forbidden
|
||||
raise AuthError(403, "User not allowed to join this room")
|
||||
|
||||
# If you wish to allow the operation at some point, you can return:
|
||||
# return self._api.NOT_SPAM
|
||||
|
||||
def parse_config(config: dict) -> dict:
|
||||
return config
|
||||
|
||||
def create_module(api: ModuleApi, config: dict) -> RedlightClientModule:
|
||||
return RedlightClientModule(config, api)
|
||||
Loading…
Reference in New Issue
Block a user