[Pkg-shadow-commits] r1759 - in upstream/trunk: . libmisc

nekral-guest at alioth.debian.org nekral-guest at alioth.debian.org
Sun Feb 3 17:23:59 UTC 2008


Author: nekral-guest
Date: 2008-02-03 17:23:58 +0000 (Sun, 03 Feb 2008)
New Revision: 1759

Modified:
   upstream/trunk/ChangeLog
   upstream/trunk/NEWS
   upstream/trunk/libmisc/salt.c
Log:
Do not seed the random number generator each time, and use the time in
microseconds to avoid having the same salt for different passwords
generated in the same second.  This avoids using the same salt
for different passwords in newusers.


Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog	2008-02-03 16:57:21 UTC (rev 1758)
+++ upstream/trunk/ChangeLog	2008-02-03 17:23:58 UTC (rev 1759)
@@ -1,5 +1,13 @@
 2008-02-03  Nicolas François  <nicolas.francois at centraliens.net>
 
+	* NEWS, libmisc/salt.c: Do not seed the random number generator
+	each time, and use the time in microseconds to avoid having the
+	same salt for different passwords generated in the same second.
+	This permits to avoid using the same salt for different passwords
+	in newusers.
+
+2008-02-03  Nicolas François  <nicolas.francois at centraliens.net>
+
 	* lib/pwio.c, lib/pwio.h: New function to find an user by
 	its UID on the local database.
 	* lib/groupio.c, lib/groupio.h: New function to find a group by

Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS	2008-02-03 16:57:21 UTC (rev 1758)
+++ upstream/trunk/NEWS	2008-02-03 17:23:58 UTC (rev 1759)
@@ -3,6 +3,10 @@
 shadow-4.1.0 -> shadow-4.1.1						UNRELEASED
 
 *** general:
+- security
+  * Do not seed the random number generator each time, and use the time in
+    microseconds to avoid having the same salt for different passwords
+    generated in the same second.
 - packaging
   * Do not install the shadow library per default.
 - chage
@@ -29,6 +33,7 @@
   * The new users are no more added to the list of members of their groups
     because the membership is already set by their primary group.
   * Added support for gshadow.
+  * Avoid using the same salt for different passwords.
 - passwd
   * Make sure that no more than one username argument was provided.
 - pwck

Modified: upstream/trunk/libmisc/salt.c
===================================================================
--- upstream/trunk/libmisc/salt.c	2008-02-03 16:57:21 UTC (rev 1758)
+++ upstream/trunk/libmisc/salt.c	2008-02-03 17:23:58 UTC (rev 1759)
@@ -23,6 +23,7 @@
 #ifndef HAVE_L64A
 char *l64a(long value);
 #endif
+static void seedRNG (void);
 static char *gensalt (unsigned int salt_size);
 #ifdef USE_SHA_CRYPT
 static unsigned int SHA_salt_size (void);
@@ -64,6 +65,18 @@
 }
 #endif /* !HAVE_L64A */
 
+static void seedRNG (void)
+{
+	struct timeval tv;
+	static int seeded = 0;
+
+	if (0 == seeded) {
+		gettimeofday(&tv, NULL);
+		srandom (tv.tv_sec + tv.tv_usec);
+		seeded = 1;
+	}
+}
+
 /*
  * Add the salt prefix.
  */
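Review bot: The seed in `seedRNG` still comes only from the clock, and `tv.tv_sec + tv.tv_usec` adds the two fields, so distinct times can sum to the same value and two processes started close together can produce identical salt sequences. Combining the fields with XOR and mixing in the process id narrows that: `srandom ((unsigned int) (tv.tv_sec ^ tv.tv_usec ^ getpid ()));`. The return value of `gettimeofday` is not checked, so on failure `tv` would be read uninitialised; a fallback to `time (NULL)` in that branch keeps the old behaviour. The hunk adds no `#include <sys/time.h>`, so presumably the header is already pulled in above the visible lines, which is worth confirming. Since `gensalt` (third hunk, body outside the diff) still draws the salt from `random()`, the salts become distinct but remain guessable from the start time; reading the salt bytes from a kernel source such as `/dev/urandom` would remove that dependency.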
@@ -160,7 +173,7 @@
 
 	assert (salt_size >= MIN_SALT_SIZE &&
 	        salt_size <= MAX_SALT_SIZE);
-	srandom ((unsigned int)time(NULL));
+	seedRNG ();
 	strcat (salt, l64a (random()));
 	do {
 		strcat (salt, l64a (random()));



