From 65ed10d75ca0450f1992a23334d3fbaac027c6d1 Mon Sep 17 00:00:00 2001
From: nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Date: Sun, 3 Feb 2008 17:23:58 +0000
Subject: [PATCH] Do not seed the random number generator each time, and use
 the time in microseconds to avoid having the same salt for different
 passwords generated in the same second.  This permits to avoid using the same
 salt for different passwords in newusers.

---
 ChangeLog      |  8 ++++++++
 NEWS           |  5 +++++
 libmisc/salt.c | 15 ++++++++++++++-
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index cc8ceed8..a6d24c27 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2008-02-03  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* NEWS, libmisc/salt.c: Do not seed the random number generator
+	each time, and use the time in microseconds to avoid having the
+	same salt for different passwords generated in the same second.
+	This permits to avoid using the same salt for different passwords
+	in newusers.
+
 2008-02-03  Nicolas François  <nicolas.francois@centraliens.net>
 
 	* lib/pwio.c, lib/pwio.h: New function to find an user by
diff --git a/NEWS b/NEWS
index f3cec996..73b9d87c 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,10 @@ $Id$
 shadow-4.1.0 -> shadow-4.1.1						UNRELEASED
 
 *** general:
+- security
+  * Do not seed the random number generator each time, and use the time in
+    microseconds to avoid having the same salt for different passwords
+    generated in the same second.
 - packaging
   * Do not install the shadow library per default.
 - chage
@@ -29,6 +33,7 @@ shadow-4.1.0 -> shadow-4.1.1						UNRELEASED
   * The new users are no more added to the list of members of their groups
     because the membership is already set by their primary group.
   * Added support for gshadow.
+  * Avoid using the same salt for different passwords.
 - passwd
   * Make sure that no more than one username argument was provided.
 - pwck
diff --git a/libmisc/salt.c b/libmisc/salt.c
index c61d3e19..4d931558 100644
--- a/libmisc/salt.c
+++ b/libmisc/salt.c
@@ -23,6 +23,7 @@
 #ifndef HAVE_L64A
 char *l64a(long value);
 #endif
+static void seedRNG (void);
 static char *gensalt (unsigned int salt_size);
 #ifdef USE_SHA_CRYPT
 static unsigned int SHA_salt_size (void);
@@ -64,6 +65,18 @@ static char *l64a(long value)
 }
 #endif /* !HAVE_L64A */
 
+static void seedRNG (void)
+{
+	struct timeval tv;
+	static int seeded = 0;
+
+	if (0 == seeded) {
+		gettimeofday(&tv, NULL);
+		srandom (tv.tv_sec + tv.tv_usec);
+		seeded = 1;
+	}
+}
+
 /*
  * Add the salt prefix.
  */
@@ -160,7 +173,7 @@ static char *gensalt (unsigned int salt_size)
 
 	assert (salt_size >= MIN_SALT_SIZE &&
 	        salt_size <= MAX_SALT_SIZE);
-	srandom ((unsigned int)time(NULL));
+	seedRNG ();
 	strcat (salt, l64a (random()));
 	do {
 		strcat (salt, l64a (random()));