mkpasswd: use urandom for salts, cleanup

Using /dev/random for salt generation is pointless -- it can block, and
any extra randomness it would provide (which is debatable) is not needed,
as salts only need to be unique, not unpredictable.
This commit is contained in:
Aaron Jones 2016-08-15 09:49:57 +00:00
parent 0bd2f0b710
commit e5afd80775
No known key found for this signature in database
GPG key ID: EC6F86EE9CD840B5

View file

@ -189,36 +189,31 @@ char *
generate_poor_salt(char *salt, int length) generate_poor_salt(char *salt, int length)
{ {
int i; int i;
srand(time(NULL)); srand(time(NULL));
for(i = 0; i < length; i++) for(i = 0; i < length; i++)
{
salt[i] = saltChars[rand() % 64]; salt[i] = saltChars[rand() % 64];
}
return (salt); return (salt);
} }
char * char *
generate_random_salt(char *salt, int length) generate_random_salt(char *salt, int length)
{ {
char *buf;
int fd, i; int fd, i;
if((fd = open("/dev/random", O_RDONLY)) < 0)
{ if((fd = open("/dev/urandom", O_RDONLY)) < 0)
return (generate_poor_salt(salt, length)); return (generate_poor_salt(salt, length));
}
buf = calloc(1, length); if(read(fd, salt, (size_t)length) != length)
if(read(fd, buf, length) != length)
{ {
free(buf);
close(fd); close(fd);
return (generate_poor_salt(salt, length)); return (generate_poor_salt(salt, length));
} }
for(i = 0; i < length; i++) for(i = 0; i < length; i++)
{ salt[i] = saltChars[abs(salt[i]) % 64];
salt[i] = saltChars[abs(buf[i]) % 64];
}
free(buf);
close(fd); close(fd);
return (salt); return (salt);
} }