george/PrivateBin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

introduce option to disable vizhash for paranoid admins, resolves #20 point 2.4

Browse Source
This commit is contained in:
El RIDO
2016-07-18 10:14:38 +02:00
parent 20cf678a75
commit ff0c55c0d6
5 changed files with 83 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cfg/conf.ini.sample
View File

@@ -53,6 +53,12 @@ languageselection = false
; the pastes encryption key
; urlshortener = "https://shortener.example.com/api?link="
; (optional) vizhash is a weak mechanism to detect if a comment was from a
; different user when the same username was used in a comment. It is based on
; the IP and might be used to get the posters IP if the server salt is leaked
; and a rainbow table is generated for all IPs. Enabled by default.
; vizhash = false
; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
; sha256 in HMAC for the deletion token