Major update on cryptosystem, all passwords now obsolete..

server/public/assets/js/admin.js

@@ -98,11 +98,11 @@ var Admin = {
     pw: function(msg)
     {
         w_p       = false;
-        adminpass = msg;
+        adminpass = Crypt.tmp_pass;
         names     = ["vote","addsongs","longsongs","frontpage", "allvideos",
         "removeplay", "skip", "shuffle", "userpass"];
 
-        Crypt.set_pass(chan.toLowerCase(), Crypt.decrypt_pass(msg));
+        Crypt.set_pass(chan.toLowerCase(), Crypt.tmp_pass);
 
         for (var i = 0; i < names.length; i++) {
             $("input[name="+names[i]+"]").attr("disabled", false);

server/public/assets/js/crypt.js

@@ -2,6 +2,7 @@ var Crypt = {
 
 	conf_pass: undefined,
 	user_pass: undefined,
+	tmp_pass: "",
 
 	init: function(){
 
@@ -36,9 +37,11 @@ var Crypt = {
 		if(Crypt.getCookie(name) === undefined) {
 			cookie = Crypt.create_cookie(name);
 		}
-
+		var key = btoa("0103060703080703080701") + btoa("0103060703080703080701");
+		key = key.substring(0,32);
+		key = btoa(key);
 		var decrypted = CryptoJS.AES.decrypt(
-			cookie,"0103060703080703080701",
+			cookie,key,
 			{
 				mode: CryptoJS.mode.CBC,
 				padding: CryptoJS.pad.Pkcs7
@@ -49,8 +52,11 @@ var Crypt = {
 	},
 
 	decrypt_pass: function(pass){
+		var key = btoa(socket.id) + btoa(socket.id);
+		key = key.substring(0,32);
+		key = btoa(key);
 		var decrypted = CryptoJS.AES.decrypt(
-			pass,socket.id,
+			pass,key,
 			{
 				mode: CryptoJS.mode.CBC,
 				padding: CryptoJS.pad.Pkcs7
@@ -62,10 +68,12 @@ var Crypt = {
 
 	encrypt: function(json_formated, cookie){
 		var to_encrypt = JSON.stringify(json_formated);
-
+		var key = btoa("0103060703080703080701") + btoa("0103060703080703080701");
+		key = key.substring(0,32);
+		key = btoa(key);
 		var encrypted = CryptoJS.AES.encrypt(
 			to_encrypt,
-			"0103060703080703080701",
+			key,
 			{
 				mode: CryptoJS.mode.CBC,
 				padding: CryptoJS.pad.Pkcs7
@@ -81,18 +89,6 @@ var Crypt = {
 		}
 	},
 
-	encrypt_string: function(string){
-		var encrypted = CryptoJS.AES.encrypt(
-			string,
-			socket.id,
-			{
-				mode: CryptoJS.mode.CBC,
-				padding: CryptoJS.pad.Pkcs7
-			}
-		);
-		return encrypted.toString();
-	},
-
 	get_volume: function(){
 		return Crypt.decrypt(Crypt.getCookie("_opt"), "_opt").volume;
 		//return conf_arr.volume;
@@ -118,10 +114,12 @@ var Crypt = {
 		else cookie_object = {passwords: {}};
 
 		var string_it = JSON.stringify(cookie_object);
-
+		var key = btoa("0103060703080703080701") + btoa("0103060703080703080701");
+		key = key.substring(0,32);
+		key = btoa(key);
 		var encrypted = CryptoJS.AES.encrypt(
 			string_it,
-			"0103060703080703080701",
+			key,
 			{
 				mode: CryptoJS.mode.CBC,
 				padding: CryptoJS.pad.Pkcs7
@@ -196,15 +194,32 @@ var Crypt = {
 	},
 
 	crypt_pass: function(pass){
+		Crypt.tmp_pass = pass;
+		var key = btoa(socket.id) + btoa(socket.id);
+		key = key.substring(0,32);
+		key = btoa(key);
+		var iv = btoa(Crypt.makeiv());
 		var encrypted = CryptoJS.AES.encrypt(
 			pass,
-			socket.id,
+			CryptoJS.enc.Base64.parse(key),
 			{
 				mode: CryptoJS.mode.CBC,
-				padding: CryptoJS.pad.Pkcs7
+				padding: CryptoJS.pad.Pkcs7,
+				iv: CryptoJS.enc.Base64.parse(iv),
 			}
 		);
-		return encrypted.toString();
+		window.encrypted = encrypted;
+		return encrypted.toString() + "$" + iv;
+	},
+
+	makeiv: function(){
+    var text = "";
+    var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+
+    for( var i=0; i < 16; i++ )
+        text += possible.charAt(Math.floor(Math.random() * possible.length));
+
+    return text;
 	},
 
 	get_width: function(){

server/public/assets/js/player.js

@@ -15,7 +15,6 @@ var Player = {
 		}catch(e){
 			state = null;
 		}
-		console.log(video_id);
 		if((((!offline && (state != null || from_frontpage)) || (offline && (!(state != null) || from_frontpage))|| (!offline && (!(state != null) || from_frontpage)) || (offline && state == -1)) && !(offline && prev_chan_player == chan)) || (offline && video_id == undefined)){
 			prev_chan_player = chan;
 			from_frontpage = false;

server/server.js

@@ -755,7 +755,7 @@ io.on('connection', function(socket){
 							socket.emit("toast", "changedpass");
 							else
 							socket.emit("toast", "correctpass");
-							socket.emit("pw", uncrypted);
+							socket.emit("pw", true);
 						});
 					}else
 					socket.emit("toast", "wrongpass");
@@ -1091,15 +1091,41 @@ io.on('connection', function(socket){
 });
 
 function decrypt_string(socket_id, pw){
+	try {
+		/*
+		var key = (new Buffer(socket_id).toString('base64')) + (new Buffer(socket_id).toString('base64'));
+		key = key.substring(0,32);
 		var decrypted = CryptoJS.AES.decrypt(
-		pw,socket_id,
+			pw, key,
 			{
 				mode: CryptoJS.mode.CBC,
 				padding: CryptoJS.pad.Pkcs7
 			}
 		);
 
-	return decrypted.toString(CryptoJS.enc.Utf8);
+		return decrypted.toString(CryptoJS.enc.Utf8);*/
+		var input = pw.split("$");
+		pw = input[0];
+		var testKey = ((new Buffer(socket_id).toString('base64')) + (new Buffer(socket_id).toString('base64'))).substring(0,32);
+		var keyNew = (new Buffer(testKey)).toString('base64');
+		var encrypted = CryptoJS.enc.Base64.parse(pw);
+		var key = CryptoJS.enc.Base64.parse(keyNew);
+		var iv = CryptoJS.enc.Base64.parse(input[1]);
+		var decrypted = CryptoJS.enc.Utf8.stringify(
+			CryptoJS.AES.decrypt({
+				ciphertext: encrypted
+			},
+    	key,
+     // edit: changed to Pkcs5
+    	{
+				mode: CryptoJS.mode.CBC,
+				padding: CryptoJS.pad.Pkcs7,
+				iv: iv,
+			}));
+			return decrypted;
+	} catch(e) {
+		return "";
+	}
 }
 
 function left_channel(coll, guid, name, short_id, in_list, socket, change)