From 76475b9bf70546efbc98f37b3db9a71e54c1246d Mon Sep 17 00:00:00 2001 From: Enno Rehling Date: Fri, 15 Jan 2016 08:01:12 +0100 Subject: [PATCH] add a little extra randomness to the seed salt (still bad). remove dead prototype code from faction.c --- src/kernel/faction.c | 13 ------------- src/util/password.c | 3 ++- 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/src/kernel/faction.c b/src/kernel/faction.c index ea12c315f..cf1372950 100755 --- a/src/kernel/faction.c +++ b/src/kernel/faction.c @@ -63,7 +63,6 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. #include #include #include -#include faction *factions; @@ -314,18 +313,6 @@ unit *addplayer(region * r, faction * f) return u; } -extern char *sha256_crypt(const char *key, const char *salt); - -const char * mksalt(char *salt, size_t len) { - char *dst = salt; - int ent = (int)time(0); - // FIXME: worst ever salt generation - while (dst < salt + len) { - *dst++ = itoa36(ent & rng_int())[0]; - } - return salt; -} - bool checkpasswd(const faction * f, const char *passwd) { if (!passwd) return false; diff --git a/src/util/password.c b/src/util/password.c index 6a2fdd5ad..bd8c98e03 100644 --- a/src/util/password.c +++ b/src/util/password.c @@ -7,6 +7,7 @@ #include #include #include +#include #define MAXSALTLEN 32 // maximum length in characters of any salt #define SALTLEN 8 // length of salts we generate @@ -33,7 +34,7 @@ char *password_gensalt(void) { char *cp = salt; int buflen = SALTLEN; while (buflen) { - unsigned long ul = genrand_int32(); + unsigned long ul = genrand_int32() & time(0); b64_from_24bit((char)(ul & 0xFF), (char)((ul>>8)&0xff), (char)((ul>>16)&0xFF), 4); } salt[SALTLEN] = 0;
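Review bot: In password_gensalt (src/util/password.c), `genrand_int32() & time(0)` removes entropy rather than adding it: a bitwise AND can only clear bits, so every bit that is zero in the current timestamp is forced to zero in `ul`, and all salts generated within the same second share that mask. Only the low 24 bits of `ul` are passed to b64_from_24bit, so on average about half of them become predictable from the clock, which makes repeated salts across accounts more likely. If the intent is to mix the clock in, XOR at least cannot lose bits, e.g. `unsigned long ul = genrand_int32() ^ (unsigned long)time(0);`. A sounder fix would be to fill the salt from the operating system's random source (for example /dev/urandom where available), since how genrand_int32 is seeded is not visible here. The body of password_gensalt starts and ends outside the hunk.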