http://bugzilla.lysator.liu.se/show_bug.cgi?id=1068
Summary: Bad randomness for password salt
Product: lyskomd
Version: 2.0.7
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P3
Component: server
AssignedTo: ceder@lysator.liu.se
ReportedBy: ceder@lysator.liu.se
QAContact: lyskomd-qa@lists.lysator.liu.se

We feed the random number generator via a simple
srand(time(NULL) + getpid());
and that is cryptographically very poor. Use /dev/random if it exists.
This random number generator is later used to create a salt for crypt().
See FIXME in ramkomd.c.
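
Added example (not part of the bug report and not lyskomd code): the seeding pattern from the report next to a salt read from the random device, with the "if it exists" fallback the report asks for. The function names, the two-character salt length and the way rand() output is mapped to salt characters are assumptions made for illustration.

```c
/* Added example, not lyskomd code; names and salt length are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* The 64-character alphabet that crypt() accepts in a salt. */
static const char SALT_CHARS[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Weak form: the salt is a pure function of the seed, so it carries no more
 * unpredictability than the start time and pid that went into the seed. */
void weak_salt(unsigned seed, char *out, size_t n)
{
    srand(seed);
    for (size_t i = 0; i < n; i++)
        out[i] = SALT_CHARS[rand() % 64];
    out[n] = '\0';
}

/* Hardened form: read n bytes from the random device and keep 6 bits of
 * each (256 is a multiple of 64, so the mapping is unbiased). Returns 0 on
 * success, -1 if the device is missing or the read comes up short. */
int device_salt(const char *dev, char *out, size_t n)
{
    unsigned char buf[64];
    FILE *fp;
    if (n > sizeof buf || (fp = fopen(dev, "rb")) == NULL)
        return -1;
    setvbuf(fp, NULL, _IONBF, 0);   /* read only the bytes we need */
    size_t got = fread(buf, 1, n, fp);
    fclose(fp);
    if (got != n)
        return -1;
    for (size_t i = 0; i < n; i++)
        out[i] = SALT_CHARS[buf[i] & 0x3f];
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char a[3], b[3];
    weak_salt((unsigned)(time(NULL) + getpid()), a, 2);
    if (device_salt("/dev/random", b, 2) != 0)
        strcpy(b, a);   /* device absent: fall back to the old behaviour */
    printf("weak=%s device=%s\n", a, b);
}
```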