forked from github/server
add a little extra randomness to the seed salt (still bad).
remove dead prototype code from faction.c
This commit is contained in:
parent
4fb453863d
commit
76475b9bf7
2 changed files with 2 additions and 14 deletions
|
@ -63,7 +63,6 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
|
||||
faction *factions;
|
||||
|
||||
|
@ -314,18 +313,6 @@ unit *addplayer(region * r, faction * f)
|
|||
return u;
|
||||
}
|
||||
|
||||
extern char *sha256_crypt(const char *key, const char *salt);
|
||||
|
||||
const char * mksalt(char *salt, size_t len) {
|
||||
char *dst = salt;
|
||||
int ent = (int)time(0);
|
||||
// FIXME: worst ever salt generation
|
||||
while (dst < salt + len) {
|
||||
*dst++ = itoa36(ent & rng_int())[0];
|
||||
}
|
||||
return salt;
|
||||
}
|
||||
|
||||
bool checkpasswd(const faction * f, const char *passwd)
|
||||
{
|
||||
if (!passwd) return false;
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
#include <assert.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
#include <time.h>
|
||||
|
||||
#define MAXSALTLEN 32 // maximum length in characters of any salt
|
||||
#define SALTLEN 8 // length of salts we generate
|
||||
|
@ -33,7 +34,7 @@ char *password_gensalt(void) {
|
|||
char *cp = salt;
|
||||
int buflen = SALTLEN;
|
||||
while (buflen) {
|
||||
unsigned long ul = genrand_int32();
|
||||
unsigned long ul = genrand_int32() & time(0);
|
||||
b64_from_24bit((char)(ul & 0xFF), (char)((ul>>8)&0xff), (char)((ul>>16)&0xFF), 4);
|
||||
}
|
||||
salt[SALTLEN] = 0;
|
||||
|
|
Loading…
Reference in a new issue