Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 20 Jan 2002 23:26:17 +0300
From:      "Andrey A. Chernov" <ache@nagual.pp.ru>
To:        Mark Murray <mark@grondar.za>
Cc:        des@freebsd.org, current@freebsd.org
Subject:   Re: Step1, pam_unix srandomdev fix for review
Message-ID:  <20020120202615.GF24138@nagual.pp.ru>
In-Reply-To: <200201202017.g0KKHLt33050@grimreaper.grondar.org>
References:  <20020120200455.GC24138@nagual.pp.ru> <200201202017.g0KKHLt33050@grimreaper.grondar.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jan 20, 2002 at 20:17:21 +0000, Mark Murray wrote:
> 
> Hmm. OK. Do you understand, though, why the salt does not need
> cryptographic randomness?

Yes.

> Another patch of yours replaced sprintf with a faster strlcpy,
> but this uses the _much_ slower arc4random() which is not
> necessary IMO. How about just using pid's or something?

1) arc4random() is not slower than random(), so it not _increase_ 
existent PAM slowness.
2) I care here not about PAM, but about user application which RNG state 
current code damages.
3) I treat arc4random() replacement as bugfix for _application_ which not 
makes PAM code worse than it already is.

> The original crypt(3) salt quantised the time-of-day into
> 4096 pieces for the salt - how about doing something like
> that? UUEncode time()|pid()|getuid() might work just fine.

I agree. But I don't plan to improve PAM in this my fix, I just want to 
unbreak application first. Someone else can do what you suggest 
afterwards.

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020120202615.GF24138>