emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

*** security:

Browse Source 
- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
  chgpasswd; and also passwd if configured without PAM support).
  The number of rounds and number of salt bytes was fixed to their lower
  allowed values (resp. configurable and 8), hence voiding some of the
  advantages of this encryption method. Dictionary attacks with
  precomputed tables were easier than expected, but still harder than with
  the MD5 (or DES) methods.

	* NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix a
	overflow. These caused the SHA salt size to always be 8 bytes,
	instead of being in the 8-16 range. Thanks to Peter Vrabec
	pvrabec@redhat.com for noticing.
	* NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with
	seedRNG instead of srand, and fix the same overflow. This caused
	the number of rounds to always be the smallest one.
This commit is contained in:
nekral-guest
2008-05-20 13:34:06 +00:00
parent 9c69fe73b1
commit a917ba4fb9
3 changed files with 25 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
libmisc/salt.c
View File

@ -90,9 +90,10 @@ static void seedRNG (void)
*/
static unsigned int SHA_salt_size (void)
{
double rand_rounds = 9 * random ();
rand_rounds /= RAND_MAX;
return 8 + rand_rounds;
double rand_size;
seedRNG ();
rand_size = (double) 9.0 * random () / RAND_MAX;
return 8 + rand_size;
}
/* ! Arguments evaluated twice ! */
@ -131,8 +132,8 @@ static const char *SHA_salt_rounds (int *prefered_rounds)
if (min_rounds > max_rounds)
max_rounds = min_rounds;
srand (time (NULL));
rand_rounds = (max_rounds-min_rounds+1) * random ();
seedRNG ();
rand_rounds = (double) (max_rounds-min_rounds+1.0) * random ();
rand_rounds /= RAND_MAX;
rounds = min_rounds + rand_rounds;
} else if (0 == *prefered_rounds)