From 01bf1ae92d5a51b299aa7a675cb3ffa250149ebf Mon Sep 17 00:00:00 2001
From: DL6ER <derigs@ph1.uni-koeln.de>
Date: Wed, 16 Nov 2016 22:13:47 +0100
Subject: [PATCH] Compute double hashes to avoid rainbow table vulnerability

---
 advanced/Scripts/webpage.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/advanced/Scripts/webpage.sh b/advanced/Scripts/webpage.sh
index 07fbec4c..dc1e2644 100755
--- a/advanced/Scripts/webpage.sh
+++ b/advanced/Scripts/webpage.sh
@@ -1,9 +1,8 @@
 #!/usr/bin/env bash
 # Pi-hole: A black hole for Internet advertisements
-# (c) 2015, 2016 by Jacob Salmela
 # Network-wide ad blocking via your Raspberry Pi
 # http://pi-hole.net
-# Whitelists and blacklists domains
+# Web interface settings
 #
 # Pi-hole is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -44,8 +43,9 @@ SetWebPassword(){
 
 	# Remove password from file (create backup setupVars.conf.bak)
 	sed -i.bak '/webpassword/d' /etc/pihole/setupVars.conf
-	# Compute password hash
+	# Compute password hash twice to avoid rainbow table vulnerability
 	hash=$(echo -n ${args[2]} | sha256sum | sed 's/\s.*$//')
+	hash=$(echo -n ${hash} | sha256sum | sed 's/\s.*$//')
 	# Save hash to file
 	echo "webpassword=${hash}" >> /etc/pihole/setupVars.conf