Posted to bugs@httpd.apache.org by bu...@apache.org on 2008/01/25 19:10:35 UTC

DO NOT REPLY [Bug 31440] - htpasswd salt generation weakness


http://issues.apache.org/bugzilla/show_bug.cgi?id=31440
------- Additional Comments From peterw@tux.org  2008-01-25 10:10 -------
Created an attachment (id=21429)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=21429&action=view)
patch against httpd-2.2.8 to resolve weak PRNG seeding

Andreas, I think you're on the right track, but your patch only adds the
appearance of greater randomness. The core problem here is poor seeding of the
PRNG. Every salted output from htpasswd starts with using time() to feed
srand(). Even with your patch, htpasswd will always use the same seed at any
given time.

The most important thing that needs to change is the calls to srand(). Here's a
patch that keeps your nice 48-bit padding and adds better seeding. If the user
sets a RANDOM_SEED environment variable, htpasswd will use that file/device. If
not, it will try to use /dev/urandom. If it cannot use /dev/urandom or the user
provides an unusable file/device name, it will fall back to using time() but
will print a warning to STDERR. Also (untested!) if the user is on a platform
with 32-bit integers, htpasswd will re-seed the PRNG as needed, to improve the
chances of a true 48-bit salt.

-Peter
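As an added illustration of the seeding order Peter describes (RANDOM_SEED file or device, then /dev/urandom, then time() with a warning on stderr, plus re-seeding partway through the salt on platforms where srand() takes only a 32-bit seed), here is a small stand-alone C program. It is not the attached patch and not httpd code; the function names (seed_prng, generate_salt, salt_is_valid, the demo_* wrappers) and the 8-character, 64-symbol salt layout are assumptions made for this example.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Which entropy source ended up feeding srand(). */
enum seed_source { SEED_ENV_FILE = 0, SEED_URANDOM = 1, SEED_TIME = 2 };

/* Read sizeof(unsigned int) bytes from a file or device into *seed.
   Returns 0 on success, -1 if the path cannot be opened or is too short. */
static int read_seed_from(const char *path, unsigned int *seed)
{
    FILE *fp = fopen(path, "rb");
    if (fp == NULL)
        return -1;
    size_t got = fread(seed, 1, sizeof(*seed), fp);
    fclose(fp);
    return (got == sizeof(*seed)) ? 0 : -1;
}

/* Seed rand() in the order described in the comment:
   RANDOM_SEED env var -> /dev/urandom -> time() (with a warning). */
enum seed_source seed_prng(void)
{
    unsigned int seed;
    const char *env_path = getenv("RANDOM_SEED");

    if (env_path != NULL && env_path[0] != '\0') {
        if (read_seed_from(env_path, &seed) == 0) {
            srand(seed);
            return SEED_ENV_FILE;
        }
        fprintf(stderr, "warning: cannot read seed from RANDOM_SEED=%s\n", env_path);
    }
    if (read_seed_from("/dev/urandom", &seed) == 0) {
        srand(seed);
        return SEED_URANDOM;
    }
    fprintf(stderr, "warning: no entropy device available, seeding from time()\n");
    srand((unsigned int)time(NULL));
    return SEED_TIME;
}

/* 64-symbol alphabet: 6 bits per character, 8 characters = 48 bits. */
static const char salt_chars[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Fill out[0..7] with salt characters and NUL-terminate out[8].
   A single srand() call can only select among 2^(bits of unsigned int)
   sequences, so on a 32-bit platform one seed cannot cover 48 bits of salt.
   Re-seeding after the 5th character (30 bits) draws fresh entropy for the
   remaining 18 bits. Returns the source used for the first seeding. */
enum seed_source generate_salt(char out[9])
{
    enum seed_source first = seed_prng();
    for (int i = 0; i < 8; i++) {
        if (i == 5 && sizeof(unsigned int) * CHAR_BIT < 48)
            seed_prng();  /* re-seed as needed on 32-bit-seed platforms */
        /* RAND_MAX+1 is a power of two on common libcs, so % 64 is unbiased there. */
        out[i] = salt_chars[rand() % 64];
    }
    out[8] = '\0';
    return first;
}

/* Check that a salt is exactly 8 characters, all from the alphabet. */
int salt_is_valid(const char *salt)
{
    if (strlen(salt) != 8)
        return 0;
    for (int i = 0; i < 8; i++)
        if (strchr(salt_chars, salt[i]) == NULL)
            return 0;
    return 1;
}

/* Small wrappers returning plain ints so the behaviour can be checked. */
int demo_seed_source(void) { char s[9]; return (int)generate_salt(s); }
int demo_salt_valid(void)  { char s[9]; generate_salt(s); return salt_is_valid(s); }
int demo_missing_seed_file(void)
{
    unsigned int unused;
    return read_seed_from("/nonexistent/dir/seed-file", &unused);
}

int main(void)
{
    char salt[9];
    enum seed_source src = generate_salt(salt);
    printf("salt=%s seeded_from=%d\n", salt, (int)src);
    return 0;
}
```

On a system with /dev/urandom and no RANDOM_SEED set, demo_seed_source() reports SEED_URANDOM; the time() branch is only reached when both the named file and the device are unavailable, which is exactly the case the warning on stderr is meant to make visible.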

