+2008-05-20 Nicolas François <nicolas.francois@centraliens.net>
+
+ * NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix a
+ overflow. These caused the SHA salt size to always be 8 bytes,
+ instead of being in the 8-16 range. Thanks to Peter Vrabec
+ pvrabec@redhat.com for noticing.
+ * NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with
+ seedRNG instead of srand, and fix the same overflow. This caused
+ the number of rounds to always be the smallest one.
+
2008-05-20 Nicolas François <nicolas.francois@centraliens.net>
* man/newusers.8.xml man/groupmems.8.xml man/groupdel.8.xml
shadow-4.1.1 -> shadow-4.1.2 UNRELEASED
+*** security:
+- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
+ chgpasswd; and also passwd if configured without PAM support).
+ The number of rounds and number of salt bytes was fixed to their lower
+ allowed values (resp. configurable and 8), hence voiding some of the
+ advantages of this encryption method. Dictionary attacks with
+ precomputed tables were easier than expected, but still harder than with
+ the MD5 (or DES) methods.
+
*** general:
- packaging
* Distribute the chfn, chsh, and userdel PAM configuration file.
*/
static unsigned int SHA_salt_size (void)
{
- double rand_rounds = 9 * random ();
- rand_rounds /= RAND_MAX;
- return 8 + rand_rounds;
+ double rand_size;
+ seedRNG ();
+ rand_size = (double) 9.0 * random () / RAND_MAX;
+ return 8 + rand_size;
}
/* ! Arguments evaluated twice ! */
if (min_rounds > max_rounds)
max_rounds = min_rounds;
- srand (time (NULL));
- rand_rounds = (max_rounds-min_rounds+1) * random ();
+ seedRNG ();
+ rand_rounds = (double) (max_rounds-min_rounds+1.0) * random ();
rand_rounds /= RAND_MAX;
rounds = min_rounds + rand_rounds;
} else if (0 == *prefered_rounds)
projects / shadow / commitdiff