Hello,

On Wed, Jun 13, 2012 at 12:15:53AM +0400, pashev.i...@gmail.com wrote:
>
> function SHA_salt_size() in file libmisc/salt.c uses random() to get random
> number and divides it by RAND_MAX.
>
> This is incorrect.
>
> RAND_MAX macro is designed for C standard function rand() (value of the
> RAND_MAX macro shall be at least 32767) [1]
>
> But random() returns numbers in the range from 0 to 2^31-1 [2].
>
> So, random()/RAND_MAX could result in a value > 1.

Theoretically agreed. The random(3) manpage is misleading here (although
no problem on glibc).

> I propose to replace RAND_MAX with LONG_MAX.

This should be 2^31-1, not LONG_MAX.

Best Regards,
--
Nekral
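
The scaling problem discussed in this thread, shown as an added example (not the code from libmisc/salt.c and not written by either poster): a raw random() value is scaled onto a size range first with the smallest RAND_MAX the C standard permits, then with 2^31-1. The function names and the 8..16 size bounds are assumptions made for illustration.

```c
#include <stdio.h>

/* Assumed size bounds, chosen for illustration; not taken from the thread. */
#define MIN_SIZE 8
#define MAX_SIZE 16

/* Upper bound of random(3) as stated in the thread: 2^31 - 1. */
#define RANDOM_MAX 2147483647L
/* Smallest RAND_MAX the C standard permits, as quoted in the thread. */
#define SMALL_RAND_MAX 32767L

/* Map a raw random() result r onto a size by scaling with r / divisor. */
static long scaled_size(long r, long divisor)
{
    double frac = (double)r / (double)divisor;
    return MIN_SIZE + (long)(frac * (MAX_SIZE - MIN_SIZE) + 0.5);
}

/* A caller sizing a buffer from the result should check this explicitly. */
static int size_in_range(long size)
{
    return size >= MIN_SIZE && size <= MAX_SIZE;
}

/* Sweep 2048 evenly spaced values across random()'s range and count the
 * scaled sizes that fall outside [MIN_SIZE, MAX_SIZE]. */
static int count_out_of_range(long divisor)
{
    int bad = 0;
    for (long k = 0; k < 2048; k++) {
        if (!size_in_range(scaled_size(k * 1048576L, divisor)))
            bad++;
    }
    return bad;
}

int main(void)
{
    printf("divisor 32767:  %d of 2048 sizes out of range, largest %ld\n",
           count_out_of_range(SMALL_RAND_MAX),
           scaled_size(RANDOM_MAX, SMALL_RAND_MAX));
    printf("divisor 2^31-1: %d of 2048 sizes out of range, largest %ld\n",
           count_out_of_range(RANDOM_MAX),
           scaled_size(RANDOM_MAX, RANDOM_MAX));
    return 0;
}
```

On a platform where RAND_MAX is already 2^31-1 the two divisors coincide, so the defect only shows where RAND_MAX is smaller.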