[3973] in Athena Bugs


all platforms, all releases: passwd.real

daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Sat Jan 13 23:19:14 1990

Date: Sat, 13 Jan 90 23:18:46 -0500
From: Jonathan I. Kamens <jik@PIT-MANAGER.MIT.EDU>
To: bugs@ATHENA.MIT.EDU, testers@ATHENA.MIT.EDU

  The code in the passwd program from Berkeley appears to have a
somewhat major flaw in the code that selects a two-character salt to
use when encrypting a user's changed password.  In particular, the
code fragment reads:

	(void) time(&salt);
	salt = 9 * getpid();
	saltc[0] = salt & 077;
	saltc[1] = (salt>>6) & 077;

Now, either I am misunderstanding things in this code fragment rather
badly, or what it does is first put the current time value into the
salt variable, and then assign the salt variable to something else
while completely ignoring its former value.

  What the program appears to be *trying* to do is use both the
current time and the process id of the passwd program to randomize the
selection of the salt.  What it appears to be *actually doing instead*
is using only the current process id, and discarding the current time.

  I am not certain about this, but perhaps the code fragment should
read as follows?

	(void) time(&salt);
	salt *= 9 * getpid();
	saltc[0] = salt & 077;
	saltc[1] = (salt>>6) & 077;

Note that the only thing I have changed is to change the "=" on the
second line to "*=", which will cause the previously calculated time
value to be used in the determination of the salt.

  Note that this bug, if indeed it is a bug and not just a
misunderstanding on my part (If I am misunderstanding something, I
would appreciate it if someone would explain what it is :-), is also
present in the 4.3 Tahoe sources we have on-line.

  jik
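
The two fragments quoted in the report, compared side by side in an added example (not part of the original message or of the passwd source): it counts how many distinct 12-bit salts one process id yields over 4096 consecutive seconds. The function names, the timestamp and the pids are constructed for illustration, and `unsigned long` is used so the multiplication wraps with defined behaviour. The counts show that the shipped assignment yields one salt per pid regardless of the time, and that the multiplied form mixes in the time fully only when the pid is odd.

```c
#include <stdio.h>
#include <string.h>

/* Pack saltc[0] and saltc[1] from the fragment into one 12-bit value. */
static unsigned pack(unsigned long salt) {
    return (unsigned)((salt & 077) | (((salt >> 6) & 077) << 6));
}

/* As shipped: the time value is overwritten before it is used. */
unsigned salt_shipped(unsigned long now, unsigned long pid) {
    unsigned long salt = now;
    salt = 9 * pid;
    return pack(salt);
}

/* As proposed in the report: "=" changed to "*=". */
unsigned salt_proposed(unsigned long now, unsigned long pid) {
    unsigned long salt = now;
    salt *= 9 * pid;
    return pack(salt);
}

/* Number of distinct salts one pid yields over n consecutive seconds. */
unsigned distinct(unsigned (*f)(unsigned long, unsigned long),
                  unsigned long pid, unsigned long t0, unsigned n) {
    static unsigned char seen[4096];
    unsigned i, count = 0;
    memset(seen, 0, sizeof seen);
    for (i = 0; i < n; i++) {
        unsigned s = f(t0 + i, pid);
        if (!seen[s]) { seen[s] = 1; count++; }
    }
    return count;
}

int main(void) {
    unsigned long t0 = 632000000UL;              /* constructed timestamp */
    unsigned long pids[] = { 1235, 1234, 1024 }; /* constructed pids */
    int i;
    for (i = 0; i < 3; i++)
        printf("pid %lu: shipped %u, proposed %u distinct salts\n", pids[i],
               distinct(salt_shipped, pids[i], t0, 4096),
               distinct(salt_proposed, pids[i], t0, 4096));
    return 0;
}
```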
