Re: Step1, pam_unix srandomdev fix for review

Sun, 20 Jan 2002 11:56:20 -0800 

> Bug:
> srandomdev() can't be used in libraries because it touch internal RNG
> state which may be used by user program which not want true randomness but
> pseudo one.
> 
> Fix:
> srandomdev() removed, random() replaced by arc4random() which initialize 
> itself from true randomness automatically.

This works, but strikes me as overkill. This is salt, not cryptographic
randomness, so 'srandom(junk)' is most likely better as a replacement
for srandomdev() (where 'junk' can be time(), pid or anything similar).

Salt's purpose is to make pre-computing a dictionary infeasable from
the pure space perspective.

M

> --- pam_unix.c.old    Sat Jan 19 21:29:49 2002
> +++ pam_unix.c        Sun Jan 20 21:42:47 2002
> @@ -502,15 +502,14 @@
>               syslog(LOG_ERR, "cannot set password cipher");
>       login_close(lc);
>       /* Salt suitable for anything */
> -     srandomdev();
>       gettimeofday(&tv, 0);
> -     to64(&salt[0], random(), 3);
> +     to64(&salt[0], arc4random(), 3);
>       to64(&salt[3], tv.tv_usec, 3);
>       to64(&salt[6], tv.tv_sec, 2);
> -     to64(&salt[8], random(), 5);
> -     to64(&salt[13], random(), 5);
> -     to64(&salt[17], random(), 5);
> -     to64(&salt[22], random(), 5);
> +     to64(&salt[8], arc4random(), 5);
> +     to64(&salt[13], arc4random(), 5);
> +     to64(&salt[17], arc4random(), 5);
> +     to64(&salt[22], arc4random(), 5);
>       salt[27] = '\0';
>  
>       pwd->pw_passwd = crypt(pass, salt);
> @@ -596,15 +595,14 @@
>               syslog(LOG_ERR, "cannot set password cipher");
>       login_close(lc);
>       /* Salt suitable for anything */
> -     srandomdev();
>       gettimeofday(&tv, 0);
> -     to64(&salt[0], random(), 3);
> +     to64(&salt[0], arc4random(), 3);
>       to64(&salt[3], tv.tv_usec, 3);
>       to64(&salt[6], tv.tv_sec, 2);
> -     to64(&salt[8], random(), 5);
> -     to64(&salt[13], random(), 5);
> -     to64(&salt[17], random(), 5);
> -     to64(&salt[22], random(), 5);
> +     to64(&salt[8], arc4random(), 5);
> +     to64(&salt[13], arc4random(), 5);
> +     to64(&salt[17], arc4random(), 5);
> +     to64(&salt[22], arc4random(), 5);
>       salt[27] = '\0';
>  
>       if (suser_override)
> -- 
> Andrey A. Chernov
> http://ache.pp.ru/
-- 
o       Mark Murray
\_      FreeBSD Services Limited
O.\_    Warning: this .sig is umop ap!sdn

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to