Date: Tue, 05 Feb 2002 22:38:41 +0000 From: Mark Murray <mark@grondar.za> To: Alfred Perlstein <bright@mu.org> Cc: "Andrey A. Chernov" <ache@nagual.pp.ru>, des@freebsd.org, cvs-committers@freebsd.org, cvs-all@freebsd.org Subject: Re: cvs commit: src/lib/libpam/modules/pam_unix pam_unix.c Message-ID: <200202052238.g15Mcks34013@greenpeace.grondar.org> In-Reply-To: <20020205141029.V59017@elvis.mu.org> ; from Alfred Perlstein <bright@mu.org> "Tue, 05 Feb 2002 14:10:29 PST." References: <20020205141029.V59017@elvis.mu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Mark, can you comment? I've read that you said an application > shouldn't depend on state of random() when making pam calls, but > this doesn't sound very good, it should at least be documented, > better yet avoided... When did I say that? :-) I said that crypt(3)'s salt needs to be very variable to thwart dictionary building. In my opinion, Andreys example is a good example of very poor pseudo-random number usage. he simply needs to call srandom() in a better place. M -- o Mark Murray \_ FreeBSD Services Limited O.\_ Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202052238.g15Mcks34013>