[Pkg-shadow-commits] r1759 - in upstream/trunk: . libmisc
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Sun Feb 3 17:23:59 UTC 2008
Author: nekral-guest
Date: 2008-02-03 17:23:58 +0000 (Sun, 03 Feb 2008)
New Revision: 1759
Modified:
upstream/trunk/ChangeLog
upstream/trunk/NEWS
upstream/trunk/libmisc/salt.c
Log:
Do not seed the random number generator each time, and use the time in
microseconds to avoid having the same salt for different passwords
generated in the same second. This permits to avoid using the same salt
for different passwords in newusers.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2008-02-03 16:57:21 UTC (rev 1758)
+++ upstream/trunk/ChangeLog 2008-02-03 17:23:58 UTC (rev 1759)
@@ -1,5 +1,13 @@
2008-02-03 Nicolas François <nicolas.francois at centraliens.net>
+ * NEWS, libmisc/salt.c: Do not seed the random number generator
+ each time, and use the time in microseconds to avoid having the
+ same salt for different passwords generated in the same second.
+ This permits to avoid using the same salt for different passwords
+ in newusers.
+
+2008-02-03 Nicolas François <nicolas.francois at centraliens.net>
+
* lib/pwio.c, lib/pwio.h: New function to find an user by
its UID on the local database.
* lib/groupio.c, lib/groupio.h: New function to find a group by
Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS 2008-02-03 16:57:21 UTC (rev 1758)
+++ upstream/trunk/NEWS 2008-02-03 17:23:58 UTC (rev 1759)
@@ -3,6 +3,10 @@
shadow-4.1.0 -> shadow-4.1.1 UNRELEASED
*** general:
+- security
+ * Do not seed the random number generator each time, and use the time in
+ microseconds to avoid having the same salt for different passwords
+ generated in the same second.
- packaging
* Do not install the shadow library per default.
- chage
@@ -29,6 +33,7 @@
* The new users are no more added to the list of members of their groups
because the membership is already set by their primary group.
* Added support for gshadow.
+ * Avoid using the same salt for different passwords.
- passwd
* Make sure that no more than one username argument was provided.
- pwck
Modified: upstream/trunk/libmisc/salt.c
===================================================================
--- upstream/trunk/libmisc/salt.c 2008-02-03 16:57:21 UTC (rev 1758)
+++ upstream/trunk/libmisc/salt.c 2008-02-03 17:23:58 UTC (rev 1759)
@@ -23,6 +23,7 @@
#ifndef HAVE_L64A
char *l64a(long value);
#endif
+static void seedRNG (void);
static char *gensalt (unsigned int salt_size);
#ifdef USE_SHA_CRYPT
static unsigned int SHA_salt_size (void);
@@ -64,6 +65,18 @@
}
#endif /* !HAVE_L64A */
+static void seedRNG (void)
+{
+ struct timeval tv;
+ static int seeded = 0;
+
+ if (0 == seeded) {
+ gettimeofday(&tv, NULL);
+ srandom (tv.tv_sec + tv.tv_usec);
+ seeded = 1;
+ }
+}
+
/*
* Add the salt prefix.
*/
@@ -160,7 +173,7 @@
assert (salt_size >= MIN_SALT_SIZE &&
salt_size <= MAX_SALT_SIZE);
- srandom ((unsigned int)time(NULL));
+ seedRNG ();
strcat (salt, l64a (random()));
do {
strcat (salt, l64a (random()));
More information about the Pkg-shadow-commits
mailing list