[Dovecot] weakness in hash salt generation
Joshua Goodall
joshua at roughtrade.net
Fri Jul 23 20:11:15 EEST 2004
Dovecot has routines for password hashing; two of these, crypt_generate
and md5_generate, both use sizeof(salt_chars) when reducing a random
string to salt.
I became suspicious when I noted that all salts generated are composed
only of "./01".
Unfortunately salt_char is declared static const char * rather than
static const char [], and so sizeof(salt_chars) is the size of a pointer.
Recommend:
diff -u -r1.8 password-scheme.c
--- password-scheme.c 30 May 2004 03:57:15 -0000 1.8
+++ password-scheme.c 23 Jul 2004 17:05:36 -0000
@@ -15,7 +15,7 @@
# include <openssl/sha.h>
#endif
-static const char *salt_chars =
+static const char salt_chars[] =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
static buffer_t *schemes_buf;
joshua.
--
Joshua Goodall "as modern as tomorrow afternoon"
joshua at roughtrade.net - FW109
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20040724/17a6a715/attachment-0001.bin>
More information about the dovecot
mailing list