httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Krennmair <netn...@synflood.at>
Subject htpasswd salt generation weakness in MD5 mode
Date Sun, 26 Sep 2004 17:09:52 GMT
Hello,

I noticed a salt generation weakness when using htpasswd in MD5 mode on
platforms where rand() returns only a 32 bit value: since the MD5 salt
is 48 bits wide, the last 2 or 3 characters are always filled with '.'.

$ htpasswd -m -c /tmp/htpasswdtest a
New password: 
Re-type new password: 
Adding password for user a
$ cat /tmp/htpasswdtest
a:$apr1$sTQf/...$v6RZCfMprmLq5vMTzpwH2/
$

IMHO, this should not be, and therefore I propose the following fix:

--- htpasswd.c~ 2004-09-26 20:01:11.927886608 +0200
+++ htpasswd.c  2004-09-26 20:05:04.213573816 +0200
@@ -112,6 +112,18 @@
     }
 }
 
+static void generate_salt(char *s, size_t size)
+{
+       static unsigned char tbl[] = 
+            "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+        size_t i;
+        for (i = 0; i < size; ++i) {
+                int idx = (int) (64.0 * rand() / (RAND_MAX + 1.0));
+                s[i] = tbl[idx];
+       }
+}
+
+
 static void putline(apr_file_t *f, const char *l)
 {
     apr_file_puts(l, f);
@@ -160,7 +172,7 @@
 
     case ALG_APMD5: 
         (void) srand((int) time((time_t *) NULL));
-        to64(&salt[0], rand(), 8);
+        generate_salt(&salt[0], 8);
         salt[8] = '\0';
 
         apr_md5_encode((const char *)pw, (const char *)salt,

This above patch would lead to a more random MD5 salt:

$ ./htpasswd -m -c /tmp/htpasswdtest2 b
New password: 
Re-type new password: 
Adding password for user b
$ cat /tmp/htpasswdtest2
b:$apr1$iOJN8Jax$rQLDvG0ALByOBtHgN2wk7/
$

Regards,
Andreas Krennmair


Mime
View raw message