class RC4:
- def __init__(self, key, burn=0):
+ def __init__(self, key, burn=4096):
s = range(256)
for i in xrange(256):
s[i] = i
j = (j + s[i] + ord(key[i % len(key)])) % 256
s[j], s[i] = s[i], s[j]
self.__s = s
-# self.crypt("\x00" * burn)
+
+ if burn:
+ self.crypt("\x00" * burn)
def crypt(self, data):
ret = []
self.__s[i], self.__s[j] = self.__s[j], self.__s[i]
ret.append(chr(ord(data[r]) ^ self.__s[(self.__s[i] + self.__s[j]) % 256]))
return "".join(ret)
-
-
def generate_url(config, obj):
s = os.urandom(4)
- r = RC4(md5.md5("%s %s" % (s, config["urlkey"])).hexdigest())
+ r = RC4(md5.md5("%s %s" % (s, config["urlkey"])).hexdigest(), burn=0)
a = r.crypt(obj["user.password"])
b = md5.md5(md5.md5("%s %s %s %s" % (config["urlsecret"], obj["user.username"], a, s)).hexdigest()).hexdigest()
obj["url"] = "%s?m=%s&h=%s&u=%s&r=%s" % (config["url"], a.encode("hex"), b, obj["user.username"].encode("hex"), s.encode("hex"))