[Pkg-shadow-commits] r1995 - in upstream/trunk: . libmisc
nekral-guest at alioth.debian.org
nekral-guest at alioth.debian.org
Tue May 20 13:34:08 UTC 2008
Author: nekral-guest
Date: 2008-05-20 13:34:06 +0000 (Tue, 20 May 2008)
New Revision: 1995
Modified:
upstream/trunk/ChangeLog
upstream/trunk/NEWS
upstream/trunk/libmisc/salt.c
Log:
*** security:
- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
chgpasswd; and also passwd if configured without PAM support).
The number of rounds and number of salt bytes was fixed to their lower
allowed values (resp. configurable and 8), hence voiding some of the
advantages of this encryption method. Dictionary attacks with
precomputed tables were easier than expected, but still harder than with
the MD5 (or DES) methods.
* NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix a
overflow. These caused the SHA salt size to always be 8 bytes,
instead of being in the 8-16 range. Thanks to Peter Vrabec
pvrabec at redhat.com for noticing.
* NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with
seedRNG instead of srand, and fix the same overflow. This caused
the number of rounds to always be the smallest one.
Modified: upstream/trunk/ChangeLog
===================================================================
--- upstream/trunk/ChangeLog 2008-05-19 22:18:14 UTC (rev 1994)
+++ upstream/trunk/ChangeLog 2008-05-20 13:34:06 UTC (rev 1995)
@@ -1,5 +1,15 @@
2008-05-20 Nicolas François <nicolas.francois at centraliens.net>
+ * NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix a
+ overflow. These caused the SHA salt size to always be 8 bytes,
+ instead of being in the 8-16 range. Thanks to Peter Vrabec
+ pvrabec at redhat.com for noticing.
+ * NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with
+ seedRNG instead of srand, and fix the same overflow. This caused
+ the number of rounds to always be the smallest one.
+
+2008-05-20 Nicolas François <nicolas.francois at centraliens.net>
+
* man/newusers.8.xml man/groupmems.8.xml man/groupdel.8.xml
man/useradd.8.xml man/groupadd.8.xml man/newgrp.1.xml man/sg.1.xml
man/chgpasswd.8.xml man/groupmod.8.xml: Tag the section which
Modified: upstream/trunk/NEWS
===================================================================
--- upstream/trunk/NEWS 2008-05-19 22:18:14 UTC (rev 1994)
+++ upstream/trunk/NEWS 2008-05-20 13:34:06 UTC (rev 1995)
@@ -2,6 +2,15 @@
shadow-4.1.1 -> shadow-4.1.2 UNRELEASED
+*** security:
+- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
+ chgpasswd; and also passwd if configured without PAM support).
+ The number of rounds and number of salt bytes was fixed to their lower
+ allowed values (resp. configurable and 8), hence voiding some of the
+ advantages of this encryption method. Dictionary attacks with
+ precomputed tables were easier than expected, but still harder than with
+ the MD5 (or DES) methods.
+
*** general:
- packaging
* Distribute the chfn, chsh, and userdel PAM configuration file.
Modified: upstream/trunk/libmisc/salt.c
===================================================================
--- upstream/trunk/libmisc/salt.c 2008-05-19 22:18:14 UTC (rev 1994)
+++ upstream/trunk/libmisc/salt.c 2008-05-20 13:34:06 UTC (rev 1995)
@@ -90,9 +90,10 @@
*/
static unsigned int SHA_salt_size (void)
{
- double rand_rounds = 9 * random ();
- rand_rounds /= RAND_MAX;
- return 8 + rand_rounds;
+ double rand_size;
+ seedRNG ();
+ rand_size = (double) 9.0 * random () / RAND_MAX;
+ return 8 + rand_size;
}
/* ! Arguments evaluated twice ! */
@@ -131,8 +132,8 @@
if (min_rounds > max_rounds)
max_rounds = min_rounds;
- srand (time (NULL));
- rand_rounds = (max_rounds-min_rounds+1) * random ();
+ seedRNG ();
+ rand_rounds = (double) (max_rounds-min_rounds+1.0) * random ();
rand_rounds /= RAND_MAX;
rounds = min_rounds + rand_rounds;
} else if (0 == *prefered_rounds)
More information about the Pkg-shadow-commits
mailing list