From: jgg <>
Date: Sun, 30 Apr 2000 20:28:05 +0000 (+0000)
Subject: Improvement to password hasher
X-Git-Tag: debian_userdir-ldap_0-3-7~155
X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=commitdiff_plain;h=673cf786753eb8952598ecf3e67cbbaa4f80f5e9

Improvement to password hasher
---

diff --git a/userdir_ldap.py b/userdir_ldap.py
index 07bc6b1..a8b62fe 100644
--- a/userdir_ldap.py
+++ b/userdir_ldap.py
@@ -137,7 +137,7 @@ def GenPass():
    SaltVals = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/.";
    Rand = open("/dev/urandom");
    Password = "";
-   for i in range(0,10):
+   for i in range(0,15):
       Password = Password + SaltVals[ord(Rand.read(1)[0]) % len(SaltVals)];
    return Password;
 
@@ -147,8 +147,9 @@ def HashPass(Password):
    # glibc then just change Salt = "$1$" to Salt = "";
    SaltVals = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/.";
    Salt  = "$1$";
+   Rand = open("/dev/urandom");
    for x in range(0,10):
-      Salt = Salt + SaltVals[whrandom.randint(0,len(SaltVals)-1)];
+      Salt = Salt + SaltVals[ord(Rand.read(1)[0]) % len(SaltVals)];
    Pass = crypt.crypt(Password,Salt);
    if len(Pass) < 14:
       raise "Password Error", "MD5 password hashing failed, not changing the password!";