Better salt

author Martin Zobel-Helas <zobel@debian.org>

Fri, 9 Mar 2012 11:47:38 +0000 (12:47 +0100)

committer Martin Zobel-Helas <zobel@debian.org>

Fri, 9 Mar 2012 11:47:38 +0000 (12:47 +0100)
author Martin Zobel-Helas <zobel@debian.org>
Fri, 9 Mar 2012 11:47:38 +0000 (12:47 +0100)
committer Martin Zobel-Helas <zobel@debian.org>
Fri, 9 Mar 2012 11:47:38 +0000 (12:47 +0100)
diff --git a/Util.pm b/Util.pm

index 001de37..f6be1ed 100644 (file)
--- a/Util.pm
+++ b/Util.pm
@@ -50,6 +50,22 @@ sub CreateCryptSalt {
    return ($md5 ? "\$1\$$out\$" : $out);
  }
  
+sub CreateMD5Salt {
+  my $validstr = './0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+  my @valid = split(//,$validstr);
+  my ($in, $out);
+  
+  my $cryptsaltlen = 8;
+  
+  open (F, "</dev/urandom") || die &HTMLError("No /dev/urandom found!");
+  foreach (1..$cryptsaltlen) {
+    read(F, $in, 1);
+    $out .= $valid[ord($in) % ($#valid + 1)];
+  }
+  close F;
+  return $out;
+}
+
  sub Encrypt { 
    # blowfish only encrypts things in blocks of 8 bytes, so we
    # need a custom routine that handles longer strings....
diff --git a/update.cgi b/update.cgi

index 13d847b..d7749d8 100755 (executable)
--- a/update.cgi
+++ b/update.cgi
@@ -249,7 +249,7 @@ if (!($query->param('doupdate'))) {
      }
  
      # create a md5 crypted password
-    $newwebpassword = apache_md5_crypt($query->param('newwebpass'), &Util::CreateCryptSalt());
+    $newwebpassword = apache_md5_crypt($query->param('newwebpass'), &Util::CreateMD5Salt());
      
      &Util::LDAPUpdate($ldap, $editdn, 'webPassword', $newwebpassword);
    }
author	Martin Zobel-Helas <zobel@debian.org>
	Fri, 9 Mar 2012 11:47:38 +0000 (12:47 +0100)
committer	Martin Zobel-Helas <zobel@debian.org>
	Fri, 9 Mar 2012 11:47:38 +0000 (12:47 +0100)
Util.pm		patch \| blob \| history
update.cgi		patch \| blob \| history