severity 523387 wishlist retitle 523387 needs support for variable-length salts tag 523387 - security tag 523387 upstream help thanks
On Apr 09, Kees Cook <k...@debian.org> wrote: > While discussing bug 505640, I noticed that "mkpasswd" doesn't really > belongs in the whois package. It has been there for 10 years now (and cryptpw before then), so I think we can safely conclude that this has not caused any troubles except a few bogus bug reports. > Additionally, the code is buggy and not very random: > > srand(time(NULL) + getpid()); > > This needs to at least use /dev/urandom, or sec+usec as done in shadow. Initializing the rand(3) seed with the time and maybe the PID is a common tecnique. The result is only used to generate the salt, and I see no reason why it needs to be cryptographically strong random. Do you? > There is also a bug that it does not accept salt smaller than 16 bytes for > sha-256 and sha-512. This does not conform to This was a design choice to keep the initial code simpler and I had no time so far to improve it, feel free to send a patch. > I would recommend dropping mkpasswd (potentially in favor of a PAM-based > tool as discussed in bug 505640). I have read this bug and I do not understand which additional features PAM support would provide, but I will consider adding it if you can provide a good rationale. -- ciao, Marco
signature.asc
Description: Digital signature
