granicus.if.org Git - shadow/commit

*** security:
- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
  chgpasswd; and also passwd if configured without PAM support).
  The number of rounds and number of salt bytes was fixed to their lower
  allowed values (resp. configurable and 8), hence voiding some of the
  advantages of this encryption method. Dictionary attacks with
  precomputed tables were easier than expected, but still harder than with
  the MD5 (or DES) methods.

* NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix a
overflow. These caused the SHA salt size to always be 8 bytes,
instead of being in the 8-16 range. Thanks to Peter Vrabec
pvrabec@redhat.com for noticing.
* NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with
seedRNG instead of srand, and fix the same overflow. This caused
the number of rounds to always be the smallest one.

author	nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
	Tue, 20 May 2008 13:34:06 +0000 (13:34 +0000)
committer	nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
	Tue, 20 May 2008 13:34:06 +0000 (13:34 +0000)
commit	a917ba4fb935f52a675dd3f2b95fdc9ab15e3c90
tree	c9c7131cc00ab6b99a243904bb1ef4c2113e937a	tree \| snapshot
parent	9c69fe73b1225e4998092efc6a39378db7c8554a	commit \| diff

ChangeLog		diff \| blob \| history
NEWS		diff \| blob \| history
libmisc/salt.c		diff \| blob \| history