MirrorHub/construct
0
0
Fork 0
mirror of https://github.com/matrix-construct/construct synced 2024-11-03 04:18:55 +01:00
Code Issues Releases Wiki Activity
construct/extensions/m_mkpasswd.cc

212 lines
4.7 KiB
C++
Raw Normal View History

[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
/*
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
* m_mkpasswd.c: Encrypts a password online.
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
*
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
* Based on mkpasswd.c, originally by Nelson Minar (minar@reed.edu)
* You can use this code in any way as long as these names remain.
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
*/
ircd: Insert into ircd:: namespace.
2016-08-13 05:05:54 +02:00
using namespace ircd;
Move module description headers to the top This is cleaner. Note this was broken out of a much larger piece of work I did, so if there's any problems, I apologise!
2016-03-09 08:29:41 +01:00
const char mkpasswd_desc[] = "Hash a password for use in ircd.conf";
Convert all client handler arguments to reference type.
2016-08-23 02:37:07 +02:00
static void m_mkpasswd(struct MsgBuf *msgbuf_p, client::client &client, client::client &source,
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
int parc, const char *parv[]);
Convert all client handler arguments to reference type.
2016-08-23 02:37:07 +02:00
static void mo_mkpasswd(struct MsgBuf *msgbuf_p, client::client &client, client::client &source,
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
int parc, const char *parv[]);
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
static char *make_md5_salt(int);
static char *make_sha256_salt(int);
static char *make_sha512_salt(int);
static char *generate_random_salt(char *, int);
static char *generate_poor_salt(char *, int);
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
static char saltChars[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
/* 0 .. 63, ascii - 64 */
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
struct Message mkpasswd_msgtab = {
msg: remove last vestiges of the fakelag system. charybdis has never supported fakelag.
2016-02-19 23:42:40 +01:00
"MKPASSWD", 0, 0, 0, 0,
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
{mg_unreg, {m_mkpasswd, 2}, mg_ignore, mg_ignore, mg_ignore, {mo_mkpasswd, 2}}
};
mapi_clist_av1 mkpasswd_clist[] = { &mkpasswd_msgtab, NULL };
Give all extensions/m_* modules AV2 descriptions
2016-03-07 10:40:51 +01:00
DECLARE_MODULE_AV2(mkpasswd, NULL, NULL, mkpasswd_clist, NULL, NULL, NULL, NULL, mkpasswd_desc);
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
Fix minor comment munging from sed being a piece of shit
2013-04-27 11:59:57 +02:00
/* m_mkpasswd - mkpasswd message handler
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
* parv[1] = password
* parv[2] = type
*/
Message handlers should return void. Also fix up some return values and stuff to use bool (or void if nothing). I just did it whilst I was here. According to jilles, the return value used to signify whether or not the client had exited. This was error-prone and was fixed a long, long time ago, but the return value was left int for historical reasons. Since the return type is not used (and has no clear use case anyway), it's safe to just get rid of it.
2016-03-09 08:37:03 +01:00
static void
Convert all client handler arguments to reference type.
2016-08-23 02:37:07 +02:00
m_mkpasswd(struct MsgBuf *msgbuf_p, client::client &client, client::client &source, int parc, const char *parv[])
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
{
static time_t last_used = 0;
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
char *salt;
Cope with rb_crypt() returning NULL.
2013-02-02 00:54:32 +01:00
const char *crypted;
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
const char *hashtype;
const char hashdefault[] = "SHA512";
if(EmptyString(parv[1]))
{
Convert all client handler arguments to reference type.
2016-08-23 02:37:07 +02:00
sendto_one(&source, form_str(ERR_NEEDMOREPARAMS), me.name, source.name, "MKPASSWD");
Message handlers should return void. Also fix up some return values and stuff to use bool (or void if nothing). I just did it whilst I was here. According to jilles, the return value used to signify whether or not the client had exited. This was error-prone and was fixed a long, long time ago, but the return value was left int for historical reasons. Since the return type is not used (and has no clear use case anyway), it's safe to just get rid of it.
2016-03-09 08:37:03 +01:00
return;
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
}
if(parc < 3)
hashtype = hashdefault;
else
hashtype = parv[2];
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
extensions compile without libcharybdis now.
2008-04-02 02:35:13 +02:00
if((last_used + ConfigFileEntry.pace_wait) > rb_current_time())
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
{
/* safe enough to give this on a local connect only */
Convert all client handler arguments to reference type.
2016-08-23 02:37:07 +02:00
sendto_one(&source, form_str(RPL_LOAD2HI), me.name, source.name, "MKPASSWD");
Message handlers should return void. Also fix up some return values and stuff to use bool (or void if nothing). I just did it whilst I was here. According to jilles, the return value used to signify whether or not the client had exited. This was error-prone and was fixed a long, long time ago, but the return value was left int for historical reasons. Since the return type is not used (and has no clear use case anyway), it's safe to just get rid of it.
2016-03-09 08:37:03 +01:00
return;
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
}
else
extensions compile without libcharybdis now.
2008-04-02 02:35:13 +02:00
last_used = rb_current_time();
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
if(!irccmp(hashtype, "SHA256"))
salt = make_sha256_salt(16);
else if(!irccmp(hashtype, "SHA512"))
salt = make_sha512_salt(16);
else if(!irccmp(hashtype, "MD5"))
salt = make_md5_salt(8);
else
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
{
Convert all client handler arguments to reference type.
2016-08-23 02:37:07 +02:00
sendto_one_notice(&source,
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
":MKPASSWD syntax error: MKPASSWD pass [SHA256|SHA512|MD5]");
Message handlers should return void. Also fix up some return values and stuff to use bool (or void if nothing). I just did it whilst I was here. According to jilles, the return value used to signify whether or not the client had exited. This was error-prone and was fixed a long, long time ago, but the return value was left int for historical reasons. Since the return type is not used (and has no clear use case anyway), it's safe to just get rid of it.
2016-03-09 08:37:03 +01:00
return;
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
}
Cope with rb_crypt() returning NULL.
2013-02-02 00:54:32 +01:00
crypted = rb_crypt(parv[1], salt);
Convert all client handler arguments to reference type.
2016-08-23 02:37:07 +02:00
sendto_one_notice(&source, ":Hash [%s] for %s: %s", hashtype, parv[1], crypted ? crypted : "???");
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
}
Fix minor comment munging from sed being a piece of shit
2013-04-27 11:59:57 +02:00
/* mo_mkpasswd - mkpasswd message handler
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
* parv[1] = password
* parv[2] = type
*/
Message handlers should return void. Also fix up some return values and stuff to use bool (or void if nothing). I just did it whilst I was here. According to jilles, the return value used to signify whether or not the client had exited. This was error-prone and was fixed a long, long time ago, but the return value was left int for historical reasons. Since the return type is not used (and has no clear use case anyway), it's safe to just get rid of it.
2016-03-09 08:37:03 +01:00
static void
Convert all client handler arguments to reference type.
2016-08-23 02:37:07 +02:00
mo_mkpasswd(struct MsgBuf *msgbuf_p, client::client &client, client::client &source, int parc, const char *parv[])
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
{
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
char *salt;
Cope with rb_crypt() returning NULL.
2013-02-02 00:54:32 +01:00
const char *crypted;
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
const char *hashtype;
const char hashdefault[] = "SHA512";
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
if(EmptyString(parv[1]))
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
{
Convert all client handler arguments to reference type.
2016-08-23 02:37:07 +02:00
sendto_one(&source, form_str(ERR_NEEDMOREPARAMS), me.name, source.name, "MKPASSWD");
Message handlers should return void. Also fix up some return values and stuff to use bool (or void if nothing). I just did it whilst I was here. According to jilles, the return value used to signify whether or not the client had exited. This was error-prone and was fixed a long, long time ago, but the return value was left int for historical reasons. Since the return type is not used (and has no clear use case anyway), it's safe to just get rid of it.
2016-03-09 08:37:03 +01:00
return;
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
}
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
if(parc < 3)
hashtype = hashdefault;
else
hashtype = parv[2];
if(!irccmp(hashtype, "SHA256"))
salt = make_sha256_salt(16);
else if(!irccmp(hashtype, "SHA512"))
salt = make_sha512_salt(16);
else if(!irccmp(hashtype, "MD5"))
salt = make_md5_salt(8);
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
else
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
{
Convert all client handler arguments to reference type.
2016-08-23 02:37:07 +02:00
sendto_one_notice(&source,
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
":MKPASSWD syntax error: MKPASSWD pass [SHA256|SHA512|MD5]");
Message handlers should return void. Also fix up some return values and stuff to use bool (or void if nothing). I just did it whilst I was here. According to jilles, the return value used to signify whether or not the client had exited. This was error-prone and was fixed a long, long time ago, but the return value was left int for historical reasons. Since the return type is not used (and has no clear use case anyway), it's safe to just get rid of it.
2016-03-09 08:37:03 +01:00
return;
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
}
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
Cope with rb_crypt() returning NULL.
2013-02-02 00:54:32 +01:00
crypted = rb_crypt(parv[1], salt);
Convert all client handler arguments to reference type.
2016-08-23 02:37:07 +02:00
sendto_one_notice(&source, ":Hash [%s] for %s: %s", hashtype, parv[1], crypted ? crypted : "???");
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
}
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
char *
make_md5_salt(int length)
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
{
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
static char salt[21];
if(length > 16)
{
printf("MD5 salt length too long\n");
exit(0);
}
salt[0] = '$';
salt[1] = '1';
salt[2] = '$';
generate_random_salt(&salt[3], length);
salt[length + 3] = '$';
salt[length + 4] = '\0';
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
return salt;
}
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
char *
make_sha256_salt(int length)
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
{
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
static char salt[21];
if(length > 16)
{
printf("SHA256 salt length too long\n");
exit(0);
}
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
salt[0] = '$';
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
salt[1] = '5';
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
salt[2] = '$';
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
generate_random_salt(&salt[3], length);
salt[length + 3] = '$';
salt[length + 4] = '\0';
[svn] - the new plan: + branches/release-2.1 -> 2.2 base + 3.0 -> branches/cxxconversion + backport some immediate 3.0 functionality for 2.2 + other stuff
2007-01-25 07:40:21 +01:00
return salt;
}
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
char *
make_sha512_salt(int length)
{
static char salt[21];
if(length > 16)
{
printf("SHA512 salt length too long\n");
exit(0);
}
salt[0] = '$';
salt[1] = '6';
salt[2] = '$';
generate_random_salt(&salt[3], length);
salt[length + 3] = '$';
salt[length + 4] = '\0';
return salt;
}
char *
generate_poor_salt(char *salt, int length)
{
int i;
mkpasswd: use urandom for salts, cleanup Using /dev/random for salt generation is pointless -- it can block, and any extra randomness it would provide (which is debatable) is not needed, as salts only need to be unique, not unpredictable.
2016-08-15 11:55:03 +02:00
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
srand(time(NULL));
for(i = 0; i < length; i++)
salt[i] = saltChars[rand() % 64];
mkpasswd: use urandom for salts, cleanup Using /dev/random for salt generation is pointless -- it can block, and any extra randomness it would provide (which is debatable) is not needed, as salts only need to be unique, not unpredictable.
2016-08-15 11:55:03 +02:00
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
return (salt);
}
char *
generate_random_salt(char *salt, int length)
{
int fd, i;
mkpasswd: use urandom for salts, cleanup Using /dev/random for salt generation is pointless -- it can block, and any extra randomness it would provide (which is debatable) is not needed, as salts only need to be unique, not unpredictable.
2016-08-15 11:55:03 +02:00
if((fd = open("/dev/urandom", O_RDONLY)) < 0)
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
return (generate_poor_salt(salt, length));
mkpasswd: use urandom for salts, cleanup Using /dev/random for salt generation is pointless -- it can block, and any extra randomness it would provide (which is debatable) is not needed, as salts only need to be unique, not unpredictable.
2016-08-15 11:55:03 +02:00
if(read(fd, salt, (size_t)length) != length)
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
{
extensions/mkpasswd: Do not leak /dev/random fd.
2014-02-23 22:18:44 +01:00
close(fd);
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
return (generate_poor_salt(salt, length));
}
for(i = 0; i < length; i++)
Fix error on GCC-6 platform error: invalid operands of types ‘__gnu_cxx::__enable_if<true, double>::__type {aka double}’ and ‘int’ to binary ‘operator%’
2016-08-15 09:22:20 +02:00
salt[i] = saltChars[int(abs(salt[i])) % 64];
mkpasswd: use urandom for salts, cleanup Using /dev/random for salt generation is pointless -- it can block, and any extra randomness it would provide (which is debatable) is not needed, as salts only need to be unique, not unpredictable.
2016-08-15 11:55:03 +02:00
extensions/mkpasswd: Do not leak /dev/random fd.
2014-02-23 22:18:44 +01:00
close(fd);
Overhaul extensions/m_mkpasswd. It now allows SHA256/SHA512 hashes. DES support is removed, as it is insecure and can be broken on my desktop in about 20 minutes.
2011-01-06 07:41:57 +01:00
return (salt);
}
Reference in a new issue Copy permalink