emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

Do not seed the random number generator each time, and use the time in

Browse Source 
microseconds to avoid having the same salt for different passwords
generated in the same second.  This permits to avoid using the same salt
for different passwords in newusers.
This commit is contained in:
nekral-guest
2008-02-03 17:23:58 +00:00
parent aed929ae90
commit 65ed10d75c
3 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
libmisc/salt.c
View File

@ -23,6 +23,7 @@
#ifndef HAVE_L64A
char *l64a(long value);
#endif
static void seedRNG (void);
static char *gensalt (unsigned int salt_size);
#ifdef USE_SHA_CRYPT
static unsigned int SHA_salt_size (void);
@ -64,6 +65,18 @@ static char *l64a(long value)
}
#endif /* !HAVE_L64A */
static void seedRNG (void)
{
struct timeval tv;
static int seeded = 0;
if (0 == seeded) {
gettimeofday(&tv, NULL);
srandom (tv.tv_sec + tv.tv_usec);
seeded = 1;
}
}
/*
* Add the salt prefix.
*/
@ -160,7 +173,7 @@ static char *gensalt (unsigned int salt_size)
assert (salt_size >= MIN_SALT_SIZE &&
salt_size <= MAX_SALT_SIZE);
srandom ((unsigned int)time(NULL));
seedRNG ();
strcat (salt, l64a (random()));
do {
strcat (salt, l64a (random()));