From owner-cvs-all Tue Feb 5 14:46:50 2002 Delivered-To: cvs-all@freebsd.org Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.139.170]) by hub.freebsd.org (Postfix) with ESMTP id F017537B425; Tue, 5 Feb 2002 14:46:42 -0800 (PST) Received: (from uucp@localhost) by storm.FreeBSD.org.uk (8.11.6/8.11.6) with UUCP id g15Mkg334993; Tue, 5 Feb 2002 22:46:42 GMT (envelope-from mark@grondar.za) Received: from greenpeace.grondar.org (greenpeace [192.168.42.2]) by gratis.grondar.org (Postfix) with ESMTP id EBB883E6; Tue, 5 Feb 2002 22:42:07 +0000 (GMT) Received: from grondar.za (localhost [127.0.0.1]) by greenpeace.grondar.org (8.11.6/8.11.6) with ESMTP id g15Mcks34013; Tue, 5 Feb 2002 22:38:46 GMT (envelope-from mark@grondar.za) Message-Id: <200202052238.g15Mcks34013@greenpeace.grondar.org> To: Alfred Perlstein Cc: "Andrey A. Chernov" , des@freebsd.org, cvs-committers@freebsd.org, cvs-all@freebsd.org Subject: Re: cvs commit: src/lib/libpam/modules/pam_unix pam_unix.c References: <20020205141029.V59017@elvis.mu.org> In-Reply-To: <20020205141029.V59017@elvis.mu.org> ; from Alfred Perlstein "Tue, 05 Feb 2002 14:10:29 PST." Date: Tue, 05 Feb 2002 22:38:41 +0000 From: Mark Murray Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > Mark, can you comment? I've read that you said an application > shouldn't depend on state of random() when making pam calls, but > this doesn't sound very good, it should at least be documented, > better yet avoided... When did I say that? :-) I said that crypt(3)'s salt needs to be very variable to thwart dictionary building. In my opinion, Andreys example is a good example of very poor pseudo-random number usage. he simply needs to call srandom() in a better place. M -- o Mark Murray \_ FreeBSD Services Limited O.\_ Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message