Date: Thu, 31 May 2001 02:25:04 +0900 From: Yoshihiro Koya <Yoshihiro.Koya@math.yokohama-cu.ac.jp> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/27775: Too short salt of Blowfish of 4.3-STABLE Message-ID: <20010531022504E.koya@pluto.math.yokohama-cu.ac.jp>
next in thread | raw e-mail | index | archive | help
>Number: 27775 >Category: bin >Synopsis: Too short salt of Blowfish of 4.3-STABLE >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed May 30 10:30:01 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Yoshihiro Koya >Release: FreeBSD 4.3-STABLE i386 >Organization: Dept. of Math. Sci, Yokohama City Univ. >Environment: System: FreeBSD presario.my.domain 4.3-STABLE FreeBSD 4.3-STABLE #0: Thu May 31 01:27:03 JST 2001 root@presario.my.domain:/usr/obj/usr/src/sys/presario i386 local_passwd.c: $FreeBSD: src/usr.bin/passwd/local_passwd.c,v 1.24.2.1 2000/09/20 11:19:55 green Exp $ >Description: Salt for blowfish generated by passwd(1) is too short. >How-To-Repeat: Use passwd with blowfish hashing scheme. Then you would obtain something like foo:$2a$04$wJnEuWLj..............OFE3dSydtf7u8rFWbuNGJ7rH0YNUYsW:1010:20::0:0:User &:/tmp:/bin/csh (The above user foo and his password is an experimental one. :-) >Fix: local_passwd.c of rev. 1.27 seems to work well. Please MFC. Index: local_passwd.c =================================================================== RCS file: /home/ncvs/src/usr.bin/passwd/local_passwd.c,v retrieving revision 1.27 retrieving revision 1.24.2.1 diff -u -r1.27 -r1.24.2.1 --- local_passwd.c 2001/03/11 16:37:30 1.27 +++ local_passwd.c 2000/09/20 11:19:55 1.24.2.1 @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/usr.bin/passwd/local_passwd.c,v 1.27 2001/03/11 16:37:30 markm Exp $ + * $FreeBSD: src/usr.bin/passwd/local_passwd.c,v 1.24.2.1 2000/09/20 11:19:55 green Exp $ */ #ifndef lint @@ -100,7 +100,7 @@ #ifdef LOGIN_CAP login_cap_t * lc; #endif - char buf[_PASSWORD_LEN+1], salt[32]; + char buf[_PASSWORD_LEN+1], salt[10]; struct timeval tv; if (!nis) @@ -182,11 +182,7 @@ to64(&salt[0], random(), 3); to64(&salt[3], tv.tv_usec, 3); to64(&salt[6], tv.tv_sec, 2); - to64(&salt[8], random(), 5); - to64(&salt[13], random(), 5); - to64(&salt[17], random(), 5); - to64(&salt[22], random(), 5); - salt[27] = '\0'; + salt[8] = '\0'; #endif return (crypt(buf, salt)); } >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010531022504E.koya>