diff options
| author | Niels Provos <provos@cvs.openbsd.org> | 1998-07-05 21:08:38 +0000 |
|---|---|---|
| committer | Niels Provos <provos@cvs.openbsd.org> | 1998-07-05 21:08:38 +0000 |
| commit | f5a47d994d633015b1d28e0e9bfcc4c0d1454690 (patch) | |
| tree | c1ce714d1f85cb63b86d399b1a8fc186ec1a316c | |
| parent | 61db3cc2c59b8a65075d56d23e1bb07b3e0051dd (diff) | |
newsalt uses 24-bit count, and not 32-bit
| -rw-r--r-- | etc/passwd.conf | 4 | ||||
| -rw-r--r-- | share/man/man5/passwd.conf.5 | 4 | ||||
| -rw-r--r-- | usr.bin/passwd/pwd_gensalt.c | 9 |
3 files changed, 10 insertions, 7 deletions
diff --git a/etc/passwd.conf b/etc/passwd.conf index 5ba025c6d63..7278c5102d1 100644 --- a/etc/passwd.conf +++ b/etc/passwd.conf @@ -1,4 +1,4 @@ -# $OpenBSD: passwd.conf,v 1.8 1998/07/04 18:30:14 provos Exp $ +# $OpenBSD: passwd.conf,v 1.9 1998/07/05 21:08:35 provos Exp $ # # Passwd configuration file # @@ -8,7 +8,7 @@ # localcipher, ypcipher # they can take values of # old - old unix style salt of 12bit (YP compatible) -# newsalt,x - DES hash with salt of 24 bit, x a 32-bit integer +# newsalt,x - DES hash with salt of 24 bit, x a 24-bit integer # specifiying the number of rounds. # md5 - MD5 hashing algorithm # blowfish,x - Blowfish cipher, 2^x is number of rounds (BEST!) diff --git a/share/man/man5/passwd.conf.5 b/share/man/man5/passwd.conf.5 index 757adc2145f..e703339891b 100644 --- a/share/man/man5/passwd.conf.5 +++ b/share/man/man5/passwd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: passwd.conf.5,v 1.5 1998/07/04 18:29:17 provos Exp $ +.\" $OpenBSD: passwd.conf.5,v 1.6 1998/07/05 21:08:37 provos Exp $ .\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de> .\" All rights reserved. .\" @@ -56,7 +56,7 @@ this file are: The cipher to use for local passwords. Possible values are: 'old', 'newsalt,<rounds>', 'md5' or 'blowfish,<rounds>'. For .Nm newsalt -the value of rounds is a 32-bit integer with a minmum of 725 rounds. +the value of rounds is a 24-bit integer with a minmum of 7250 rounds. For .Nm blowfish the value can be between 4 and 31. It specifies the base 2 logarithm of diff --git a/usr.bin/passwd/pwd_gensalt.c b/usr.bin/passwd/pwd_gensalt.c index 628b94a7c6e..1000776e341 100644 --- a/usr.bin/passwd/pwd_gensalt.c +++ b/usr.bin/passwd/pwd_gensalt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pwd_gensalt.c,v 1.8 1998/07/04 18:27:04 provos Exp $ */ +/* $OpenBSD: pwd_gensalt.c,v 1.9 1998/07/05 21:08:32 provos Exp $ */ /* * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de> * All rights reserved. @@ -91,10 +91,13 @@ pwd_gensalt(salt, max, pwd, type) salt[2] = '\0'; } else if (!strcmp(now, "newsalt")) { u_int32_t rounds = atol(next); - if (rounds < 725) - rounds = 725; if (max < 10) return 0; + /* Check rounds, 24 bit is max */ + if (rounds < 7250) + rounds = 7250; + else if (rounds > 0xffffff) + rounds = 0xffffff; salt[0] = _PASSWORD_EFMT1; to64(&salt[1], (u_int32_t) rounds, 4); to64(&salt[5], arc4random(), 4); |