emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

Do not seed the random number generator each time, and use the time in

Browse Source 
microseconds to avoid having the same salt for different passwords
generated in the same second.  This permits to avoid using the same salt
for different passwords in newusers.
This commit is contained in:
nekral-guest 2008-02-03 17:23:58 +00:00
parent aed929ae90
commit 65ed10d75c
3 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog
View File

@ -1,3 +1,11 @@
2008-02-03 Nicolas François <nicolas.francois@centraliens.net>
* NEWS, libmisc/salt.c: Do not seed the random number generator
each time, and use the time in microseconds to avoid having the
same salt for different passwords generated in the same second.
This permits to avoid using the same salt for different passwords
in newusers.
2008-02-03 Nicolas François <nicolas.francois@centraliens.net> 2008-02-03 Nicolas François <nicolas.francois@centraliens.net>
* lib/pwio.c, lib/pwio.h: New function to find an user by * lib/pwio.c, lib/pwio.h: New function to find an user by

5
NEWS
View File

@ -3,6 +3,10 @@ $Id$
shadow-4.1.0 -> shadow-4.1.1 UNRELEASED shadow-4.1.0 -> shadow-4.1.1 UNRELEASED
*** general: *** general:
- security
* Do not seed the random number generator each time, and use the time in
microseconds to avoid having the same salt for different passwords
generated in the same second.
- packaging - packaging
* Do not install the shadow library per default. * Do not install the shadow library per default.
- chage - chage
@ -29,6 +33,7 @@ shadow-4.1.0 -> shadow-4.1.1 UNRELEASED
* The new users are no more added to the list of members of their groups * The new users are no more added to the list of members of their groups
because the membership is already set by their primary group. because the membership is already set by their primary group.
* Added support for gshadow. * Added support for gshadow.
* Avoid using the same salt for different passwords.
- passwd - passwd
* Make sure that no more than one username argument was provided. * Make sure that no more than one username argument was provided.
- pwck - pwck

15
libmisc/salt.c
View File

@ -23,6 +23,7 @@
#ifndef HAVE_L64A #ifndef HAVE_L64A
char *l64a(long value); char *l64a(long value);
#endif #endif
static void seedRNG (void);
static char *gensalt (unsigned int salt_size); static char *gensalt (unsigned int salt_size);
#ifdef USE_SHA_CRYPT #ifdef USE_SHA_CRYPT
static unsigned int SHA_salt_size (void); static unsigned int SHA_salt_size (void);
@ -64,6 +65,18 @@ static char *l64a(long value)
} }
#endif /* !HAVE_L64A */ #endif /* !HAVE_L64A */
static void seedRNG (void)
{
struct timeval tv;
static int seeded = 0;
if (0 == seeded) {
gettimeofday(&tv, NULL);
srandom (tv.tv_sec + tv.tv_usec);
seeded = 1;
}
}
/* /*
* Add the salt prefix. * Add the salt prefix.
*/ */
@ -160,7 +173,7 @@ static char *gensalt (unsigned int salt_size)
assert (salt_size >= MIN_SALT_SIZE && assert (salt_size >= MIN_SALT_SIZE &&
salt_size <= MAX_SALT_SIZE); salt_size <= MAX_SALT_SIZE);
srandom ((unsigned int)time(NULL)); seedRNG ();
strcat (salt, l64a (random())); strcat (salt, l64a (random()));
do { do {
strcat (salt, l64a (random())); strcat (salt, l64a (random()));