mkpasswd: use urandom for salts, cleanup
Using /dev/random for salt generation is pointless -- it can block, and any extra randomness it would provide (which is debatable) is not needed, as salts only need to be unique, not unpredictable.
parent
add3f90b9f
commit
ba1edd7277
1 changed files with 8 additions and 13 deletions
|
@ -189,36 +189,31 @@ char *
|
||||||
generate_poor_salt(char *salt, int length)
|
generate_poor_salt(char *salt, int length)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
srand(time(NULL));
|
srand(time(NULL));
|
||||||
for(i = 0; i < length; i++)
|
for(i = 0; i < length; i++)
|
||||||
{
|
|
||||||
salt[i] = saltChars[rand() % 64];
|
salt[i] = saltChars[rand() % 64];
|
||||||
}
|
|
||||||
return (salt);
|
return (salt);
|
||||||
}
|
}
|
||||||
|
|
||||||
char *
|
char *
|
||||||
generate_random_salt(char *salt, int length)
|
generate_random_salt(char *salt, int length)
|
||||||
{
|
{
|
||||||
char *buf;
|
|
||||||
int fd, i;
|
int fd, i;
|
||||||
if((fd = open("/dev/random", O_RDONLY)) < 0)
|
|
||||||
{
|
if((fd = open("/dev/urandom", O_RDONLY)) < 0)
|
||||||
return (generate_poor_salt(salt, length));
|
return (generate_poor_salt(salt, length));
|
||||||
}
|
|
||||||
buf = calloc(1, length);
|
if(read(fd, salt, (size_t)length) != length)
|
||||||
if(read(fd, buf, length) != length)
|
|
||||||
{
|
{
|
||||||
free(buf);
|
|
||||||
close(fd);
|
close(fd);
|
||||||
return (generate_poor_salt(salt, length));
|
return (generate_poor_salt(salt, length));
|
||||||
}
|
}
|
||||||
|
|
||||||
for(i = 0; i < length; i++)
|
for(i = 0; i < length; i++)
|
||||||
{
|
salt[i] = saltChars[abs(salt[i]) % 64];
|
||||||
salt[i] = saltChars[abs(buf[i]) % 64];
|
|
||||||
}
|
|
||||||
free(buf);
|
|
||||||
close(fd);
|
close(fd);
|
||||||
return (salt);
|
return (salt);
|
||||||
}
|
}
|
||||||
|
|
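Review bot: Both error paths in generate_random_salt still fall back silently to generate_poor_salt, which seeds with `srand(time(NULL))`, so two runs within the same second get the same salt, which defeats the uniqueness the commit message says a salt needs. If /dev/urandom cannot be opened or the read comes back short, nothing tells the user about the downgrade. I would warn before each fallback, e.g. `fprintf(stderr, "mkpasswd: /dev/urandom unavailable, falling back to time-seeded salt\n");`, or fail outright if the callers can handle that (they are not visible on this page). Separately, `abs(salt[i]) % 64` only works through integer promotion of a plain `char`; `(unsigned char)salt[i] % 64` states the intent without depending on char signedness.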