From owner-freebsd-bugs Sun Jul 15 12:10:31 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id B98B037B409 for ; Sun, 15 Jul 2001 12:10:26 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f6FJAQN07942; Sun, 15 Jul 2001 12:10:26 -0700 (PDT) (envelope-from gnats) Received: from mgate11.so-net.ne.jp (mgate11.so-net.ne.jp [210.139.254.158]) by hub.freebsd.org (Postfix) with ESMTP id 7415337B401 for ; Sun, 15 Jul 2001 12:02:44 -0700 (PDT) (envelope-from ipfw@ya3.so-net.ne.jp) Received: from mail.ya3.so-net.ne.jp (mspool11.so-net.ne.jp [210.139.248.11]) by mgate11.so-net.ne.jp (8.9.3/3.7W01060506) with ESMTP id EAA20128 for ; Mon, 16 Jul 2001 04:01:57 +0900 (JST) Received: from localhost (pd5fb52.kngwnt01.ap.so-net.ne.jp [202.213.251.82]) by mail.ya3.so-net.ne.jp with ESMTP id f6FJ1uD08709 for ; Mon, 16 Jul 2001 04:01:56 +0900 (JST) Message-Id: <20010716040416Z.koya@pluto.math.yokohama-cu.ac.jp> Date: Mon, 16 Jul 2001 04:04:16 +0900 From: Yoshihiro Koya Reply-To: Yoshihiro Koya To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: bin/28991: adduser(8) generates too short salt Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 28991 >Category: bin >Synopsis: adduser(8) generates too short salt with blf >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Jul 15 12:10:25 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Yoshihiro Koya >Release: FreeBSD 5.0-CURRENT i386 >Organization: Dept. of Math. Sci., Yokohama City Univ. >Environment: System: FreeBSD current.my.domain 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Sun Jun 17 15:46:19 JST 2001 root@current.my.domain:/usr/obj/usr/src/sys/current i386 $FreeBSD: src/usr.sbin/adduser/adduser.perl,v 1.46 2001/05/02 13:20:12 adrian Exp $ >Description: Adduser(8) generates too short salt under using blf as a secure hash scheme. It assumes only use DES or MD5 maybe. >How-To-Repeat: Put the following line in your /etc/auth.conf crypt_default = blf Then, create a dummy user by adduser(8). >Fix: In the following patch, I cannot assure that the value of length 27 is the shortest one. Index: adduser.perl =================================================================== RCS file: /home/ncvs/src/usr.sbin/adduser/adduser.perl,v retrieving revision 1.46 diff -u -r1.46 adduser.perl --- adduser.perl 2001/05/02 13:20:12 1.46 +++ adduser.perl 2001/07/15 18:44:00 @@ -894,7 +894,7 @@ warn "calculate salt\n" if $verbose > 1; # to64 - for ($i = 0; $i < 8; $i++) { + for ($i = 0; $i < 27; $i++) { srand(time + $rand + $$); $rand = rand(25*29*17 + $rand); $salt .= $itoa64[$rand & $#itoa64]; >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message