From ipfw@ya3.so-net.ne.jp  Sun Jul 15 12:02:45 2001
Return-Path: <ipfw@ya3.so-net.ne.jp>
Received: from mgate11.so-net.ne.jp (mgate11.so-net.ne.jp [210.139.254.158])
	by hub.freebsd.org (Postfix) with ESMTP id 7415337B401
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 15 Jul 2001 12:02:44 -0700 (PDT)
	(envelope-from ipfw@ya3.so-net.ne.jp)
Received: from mail.ya3.so-net.ne.jp (mspool11.so-net.ne.jp [210.139.248.11])
	by mgate11.so-net.ne.jp (8.9.3/3.7W01060506) with ESMTP id EAA20128
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 16 Jul 2001 04:01:57 +0900 (JST)
Received: from localhost (pd5fb52.kngwnt01.ap.so-net.ne.jp [202.213.251.82])
	by mail.ya3.so-net.ne.jp  with ESMTP id f6FJ1uD08709
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 16 Jul 2001 04:01:56 +0900 (JST)
Message-Id: <20010716040416Z.koya@pluto.math.yokohama-cu.ac.jp>
Date: Mon, 16 Jul 2001 04:04:16 +0900
From: Yoshihiro Koya <Yoshihiro.Koya@math.yokohama-cu.ac.jp>
Sender: Yoshihiro Koya <koya@math.yokohama-cu.ac.jp>
Reply-To: Yoshihiro Koya <koya@math.yokohama-cu.ac.jp>
To: FreeBSD-gnats-submit@freebsd.org
Subject: adduser(8) generates too short salt
X-Send-Pr-Version: 3.113

>Number:         28991
>Category:       bin
>Synopsis:       adduser(8) generates too short salt with blf
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    dd
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jul 15 12:10:25 PDT 2001
>Closed-Date:    Mon Jul 30 16:56:52 PDT 2001
>Last-Modified:  Mon Jul 30 16:56:59 PDT 2001
>Originator:     Yoshihiro Koya
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
Dept. of Math. Sci., Yokohama City Univ.
>Environment:
System: FreeBSD current.my.domain 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Sun Jun 17 15:46:19 JST 2001 root@current.my.domain:/usr/obj/usr/src/sys/current i386

$FreeBSD: src/usr.sbin/adduser/adduser.perl,v 1.46 2001/05/02 13:20:12 adrian Exp $
>Description:
	adduser(8) generates too short a salt when blf is used
	as the secure hash scheme.

	Maybe it assumes that only DES or MD5 is used.
>How-To-Repeat:
	Put the following line in your /etc/auth.conf
		crypt_default = blf
	Then, create a dummy user by adduser(8).
>Fix:

	In the following patch, I cannot guarantee that the length
	value of 27 is the shortest one.

Index: adduser.perl
===================================================================
RCS file: /home/ncvs/src/usr.sbin/adduser/adduser.perl,v
retrieving revision 1.46
diff -u -r1.46 adduser.perl
--- adduser.perl	2001/05/02 13:20:12	1.46
+++ adduser.perl	2001/07/15 18:44:00
@@ -894,7 +894,7 @@
 
     warn "calculate salt\n" if $verbose > 1;
     # to64
-    for ($i = 0; $i < 8; $i++) {
+    for ($i = 0; $i < 27; $i++) {
 	srand(time + $rand + $$); 
 	$rand = rand(25*29*17 + $rand);
 	$salt .=  $itoa64[$rand & $#itoa64];
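
Review bot: the new loop bound of 27 is a bare constant with no comment saying which scheme it is sized for, and the loop as shown applies it unconditionally, whatever crypt_default is set to. Either derive the salt length from the configured scheme or add a comment stating that 27 is chosen for blf and why, since the report itself says 27 is not known to be the minimum. Separately, the unchanged loop body still calls srand(time + $rand + $$) on every iteration, so each of the 27 characters is derived from the clock, the process id and the previous value; the longer salt gains length but no additional unpredictability. Seeding once outside the loop, or taking the salt from a kernel random source, would be worth doing in the same change.
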
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed 
State-Changed-By: dd 
State-Changed-When: Thu Jul 19 05:00:07 PDT 2001 
State-Changed-Why:  
applied, thanks! 


Responsible-Changed-From-To: freebsd-bugs->dd 
Responsible-Changed-By: dd 
Responsible-Changed-When: Thu Jul 19 05:00:07 PDT 2001 
Responsible-Changed-Why:  
My MFC reminder. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=28991 
State-Changed-From-To: analyzed->closed 
State-Changed-By: dd 
State-Changed-When: Mon Jul 30 16:56:52 PDT 2001 
State-Changed-Why:  
MFC'd 

>Unformatted:
