From e5afd80775426b44e4cd1544dd725bb9c4344888 Mon Sep 17 00:00:00 2001
From: Aaron Jones
Date: Mon, 15 Aug 2016 09:49:57 +0000
Subject: [PATCH] mkpasswd: use urandom for salts, cleanup

Using /dev/random for salt generation is pointless -- it can block, and any extra randomness it would provide (which is debatable) is not needed, as salts only need to be unique, not unpredictable.
---
 extensions/m_mkpasswd.c | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/extensions/m_mkpasswd.c b/extensions/m_mkpasswd.c
index 80fe64f8..91d668d4 100644
--- a/extensions/m_mkpasswd.c
+++ b/extensions/m_mkpasswd.c
@@ -189,36 +189,31 @@ char *
 generate_poor_salt(char *salt, int length)
 {
 int i;
+
 srand(time(NULL));
 for(i = 0; i < length; i++)
- {
 salt[i] = saltChars[rand() % 64];
- }
+
 return (salt);
 }
 char *
 generate_random_salt(char *salt, int length)
 {
- char *buf;
 int fd, i;
- if((fd = open("/dev/random", O_RDONLY)) < 0)
- {
+
+ if((fd = open("/dev/urandom", O_RDONLY)) < 0)
 return (generate_poor_salt(salt, length));
- }
- buf = calloc(1, length);
- if(read(fd, buf, length) != length)
+
+ if(read(fd, salt, (size_t)length) != length)
 {
- free(buf);
 close(fd);
 return (generate_poor_salt(salt, length));
 }
 for(i = 0; i < length; i++)
- {
- salt[i] = saltChars[abs(buf[i]) % 64];
- }
- free(buf);
+ salt[i] = saltChars[abs(salt[i]) % 64];
+
 close(fd);
 return (salt);
 }
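Review bot: The fallback in `generate_random_salt` still hands control to `generate_poor_salt` whenever `read()` returns anything other than `length`, and that function calls `srand(time(NULL))` on every invocation, so two salts requested in the same second come out identical, which fails the uniqueness requirement the commit message itself relies on. An interrupted or partial read is enough to trigger it, so the read should loop until the buffer is full and retry on `EINTR` (this assumes `<errno.h>` is already included in the file, which the hunk does not show), leaving the fallback for a genuine failure. Separately, `abs(salt[i])` operates on a plain `char` whose signedness is implementation-defined; `saltChars[(unsigned char)salt[i] % 64]` states the intent directly. Re-seeding the process-wide `rand()` state on each call in `generate_poor_salt` is also worth replacing with a one-time seed, and the fallback path deserves a log line so operators can see when it is taken.

```c
generate_random_salt(char *salt, int length)
{
	int fd, i, off = 0;
	ssize_t got;

	/* … unchanged: open /dev/urandom, fall back if open() fails … */

	/* Fill the whole buffer; a short or interrupted read is not a failure. */
	while(off < length)
	{
		got = read(fd, salt + off, (size_t)(length - off));
		if(got < 0 && errno == EINTR)
			continue;
		if(got <= 0)
		{
			close(fd);
			return (generate_poor_salt(salt, length));
		}
		off += (int)got;
	}

	for(i = 0; i < length; i++)
		salt[i] = saltChars[(unsigned char)salt[i] % 64];

	/* … unchanged: close(fd), return (salt) … */
```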