summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorTomas Mraz <tmraz@fedoraproject.org>2016-01-25 16:50:00 +0100
committerTomas Mraz <tmraz@fedoraproject.org>2016-01-25 16:50:00 +0100
commit698edffcffd54e7d81bad0829cee9dd2f0a3a6d7 (patch)
treecd0eacdde6c47a6bc5fc255ab0bf503e403dfed5 /modules
parent20047e7fdcfff6633d8201f0954be51f6378f1ae (diff)
pam_unix: Change the salt length for new hashes to 16 characters
* modules/pam_unix/passverify.c (create_password_hash): Change the salt length for new hashes to 16 characters.
Diffstat (limited to 'modules')
-rw-r--r--modules/pam_unix/passverify.c7
1 files changed, 2 insertions, 5 deletions
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index e79b55e6..078adc62 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -417,12 +417,9 @@ PAMH_ARG_DECL(char * create_password_hash,
#endif
sp = stpcpy(salt, algoid);
if (on(UNIX_ALGO_ROUNDS, ctrl)) {
- sp += snprintf(sp, sizeof(salt) - 3, "rounds=%u$", rounds);
+ sp += snprintf(sp, sizeof(salt) - (16 + 1 + (sp - salt)), "rounds=%u$", rounds);
}
- crypt_make_salt(sp, 8);
- /* For now be conservative so the resulting hashes
- * are not too long. 8 bytes of salt prevents dictionary
- * attacks well enough. */
+ crypt_make_salt(sp, 16);
#ifdef HAVE_CRYPT_GENSALT_R
}
#endif