Date: Thu, 31 May 2001 02:25:04 +0900 From: Yoshihiro Koya <Yoshihiro.Koya@math.yokohama-cu.ac.jp> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/27775: Too short salt of Blowfish of 4.3-STABLE Message-ID: <20010531022504E.koya@pluto.math.yokohama-cu.ac.jp>
>Number: 27775
>Category: bin
>Synopsis: Too short salt of Blowfish of 4.3-STABLE
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed May 30 10:30:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Yoshihiro Koya
>Release: FreeBSD 4.3-STABLE i386
>Organization:
Dept. of Math. Sci, Yokohama City Univ.
>Environment:
System: FreeBSD presario.my.domain 4.3-STABLE FreeBSD 4.3-STABLE #0: Thu May 31 01:27:03 JST 2001 root@presario.my.domain:/usr/obj/usr/src/sys/presario i386
local_passwd.c:
$FreeBSD: src/usr.bin/passwd/local_passwd.c,v 1.24.2.1 2000/09/20 11:19:55 green Exp $
>Description:
The Blowfish salt generated by passwd(1) is too short.
>How-To-Repeat:
Use passwd(1) with the Blowfish hashing scheme.
You then obtain something like
foo:$2a$04$wJnEuWLj..............OFE3dSydtf7u8rFWbuNGJ7rH0YNUYsW:1010:20::0:0:User &:/tmp:/bin/csh
(The user foo above and his password are experimental ones. :-)
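The tell-tale sign in the hash above is the run of '.' characters in the 22-character salt field after "$2a$04$": '.' is the encoding of the value zero in the passwd base64 alphabet, so 8 real characters followed by 14 dots means only 8 of the 22 salt characters ever received random data. The following program is an added illustration, not part of this report and not FreeBSD's passwd(1) source: it re-implements the BSD to64() helper, builds a full-length "$2a$NN$" setting from 16 caller-supplied random bytes into a buffer whose size is checked (so a salt[10]-sized buffer is rejected rather than silently truncated), and provides an audit function that counts trailing '.' padding in the salt field of an existing hash so truncated salts can be found in a password file. The byte arrays, function names and the use of /dev/urandom in main() are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Re-implementation of the classic BSD to64() helper used by local_passwd.c:
 * emit n six-bit groups of v, lowest bits first, in the passwd alphabet. */
static const char itoa64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

static void to64(char *s, unsigned long v, int n)
{
    while (--n >= 0) {
        *s++ = itoa64[v & 0x3f];
        v >>= 6;
    }
}

#define BCRYPT_SALT_CHARS  22                       /* 22 chars carry the 128-bit salt */
#define BCRYPT_SETTING_LEN (7 + BCRYPT_SALT_CHARS)  /* "$2a$NN$" + 22 salt chars */

/* Build "$2a$NN$<22 salt chars>" from 16 random bytes supplied by the caller.
 * Returns the number of characters written, or -1 when the cost is out of
 * range or `outlen` cannot hold the setting plus NUL (a salt[10] buffer fails
 * here instead of producing a truncated salt). Hypothetical helper. */
int make_bcrypt_setting(const uint8_t rnd[16], int cost, char *out, size_t outlen)
{
    if (outlen < BCRYPT_SETTING_LEN + 1 || cost < 4 || cost > 31)
        return -1;
    snprintf(out, outlen, "$2a$%02d$", cost);
    char *s = out + 7;
    int i;
    /* Five groups of 3 bytes -> 4 chars each: 15 bytes become 20 chars. */
    for (i = 0; i < 5; i++) {
        unsigned long v = ((unsigned long)rnd[3 * i] << 16) |
                          ((unsigned long)rnd[3 * i + 1] << 8) |
                          (unsigned long)rnd[3 * i + 2];
        to64(s + 4 * i, v, 4);
    }
    /* Last byte -> 2 chars (8 of the 12 bits used), giving 22 in total. */
    to64(s + 20, rnd[15], 2);
    out[BCRYPT_SETTING_LEN] = '\0';
    return BCRYPT_SETTING_LEN;
}

/* Audit helper for a master.passwd hash field: returns the number of trailing
 * '.' characters in the 22-char salt region of a $2a$ hash. A long run is
 * the signature of a salt that was NUL-terminated too early, as in the
 * report. Returns -1 if the field is not a $2a$ hash of at least setting
 * length. Hypothetical helper. */
int bcrypt_salt_padding(const char *hash)
{
    if (strncmp(hash, "$2a$", 4) != 0 || hash[6] != '$' ||
        strlen(hash) < BCRYPT_SETTING_LEN)
        return -1;
    const char *salt = hash + 7;
    int pad = 0;
    for (int i = BCRYPT_SALT_CHARS - 1; i >= 0 && salt[i] == '.'; i--)
        pad++;
    return pad;
}

int main(void)
{
    uint8_t rnd[16];
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(rnd, 1, sizeof rnd, f) != sizeof rnd) {
        perror("/dev/urandom");
        return 1;
    }
    fclose(f);

    char setting[64];
    if (make_bcrypt_setting(rnd, 4, setting, sizeof setting) < 0)
        return 1;
    printf("fresh setting: %s (trailing '.' in salt: %d)\n",
           setting, bcrypt_salt_padding(setting));

    /* The hash quoted in the report, copied here as a sample input. */
    const char *reported =
        "$2a$04$wJnEuWLj..............OFE3dSydtf7u8rFWbuNGJ7rH0YNUYsW";
    printf("reported hash: %d of %d salt chars are padding\n",
           bcrypt_salt_padding(reported), BCRYPT_SALT_CHARS);
    return 0;
}
```

A run of more than one or two trailing dots in a genuine salt is vanishingly unlikely (each character is '.' with probability 1/64), so a threshold of, say, eight is a safe trigger when sweeping a password file for accounts hashed by the affected passwd(1) and scheduling a password change for them.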
>Fix:
local_passwd.c of rev. 1.27 seems to work well.
Please MFC.
Index: local_passwd.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/passwd/local_passwd.c,v
retrieving revision 1.27
retrieving revision 1.24.2.1
diff -u -r1.27 -r1.24.2.1
--- local_passwd.c 2001/03/11 16:37:30 1.27
+++ local_passwd.c 2000/09/20 11:19:55 1.24.2.1
@@ -30,7 +30,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/usr.bin/passwd/local_passwd.c,v 1.27 2001/03/11 16:37:30 markm Exp $
+ * $FreeBSD: src/usr.bin/passwd/local_passwd.c,v 1.24.2.1 2000/09/20 11:19:55 green Exp $
*/
#ifndef lint
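Review bot: the diff direction needs calling out before anyone applies this: it was generated as "-r1.27 -r1.24.2.1", so the "-" lines are the working 1.27 code and the "+" lines are the 4.3-STABLE (1.24.2.1) code the PR wants replaced. Applying it forward would reintroduce the bug; it has to be applied reversed, or 1.27 merged directly. This first hunk only changes the $FreeBSD$ id line and carries no code.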
@@ -100,7 +100,7 @@
#ifdef LOGIN_CAP
login_cap_t * lc;
#endif
- char buf[_PASSWORD_LEN+1], salt[32];
+ char buf[_PASSWORD_LEN+1], salt[10];
struct timeval tv;
if (!nis)
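Review bot: salt[10] in the 1.24.2.1 line cannot hold a Blowfish setting at all, since the bcrypt salt field alone is 22 characters, so any attempt to generate a full salt into it would overrun the buffer; the salt[32] from 1.27 is the right size and must be merged together with the salt-generation change below rather than on its own.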
@@ -182,11 +182,7 @@
to64(&salt[0], random(), 3);
to64(&salt[3], tv.tv_usec, 3);
to64(&salt[6], tv.tv_sec, 2);
- to64(&salt[8], random(), 5);
- to64(&salt[13], random(), 5);
- to64(&salt[17], random(), 5);
- to64(&salt[22], random(), 5);
- salt[27] = '\0';
+ salt[8] = '\0';
#endif
return (crypt(buf, salt));
}
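Review bot: the 1.24.2.1 branch writes salt[8] = '\0' right after the to64() calls for random(), tv.tv_usec and tv.tv_sec, so only 8 of the 22 salt characters carry data (at most 48 bits, and less in practice because the tv_sec and tv_usec parts are predictable); the remaining 14 come out as '.', the encoding of zero, which is exactly the "wJnEuWLj.............." in the reported hash. Merging the four extra to64(&salt[n], random(), 5) calls and the salt[27] = '\0' terminator from 1.27 restores a full-length salt. While this is being touched: random() and gettimeofday() are not cryptographic sources, so a follow-up could fill the salt from the kernel's random device instead.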
>Release-Note:
>Audit-Trail:
>Unformatted:
