Way back in commit 12a432715f06, crypt_make_salt() was changed to use
monotonic_us() instead of time(NULL) as a poor man's random source,
and, since that then at least made it much less likely that
consecutive calls would return the same result, at the same time lost
the "rnd" parameter. Remnants o
Currently, crypt_make_salt() can only return 2^28 different salt
strings. There are some low-hanging fruits allowing us to reduce the
code size, and even with patch 5 which obviously by itself increases
the footprint, the combined result of these patches is
function
In ASCII at least, '.' is 0x2e, '/' is 0x2f and '0' is 0x30. So the
existing "if (i < 12)" case does the right thing also for i <= 1.
I don't know if busybox supports anything but ASCII environments, but
since we can do it build-time with preprocessor conditionals, we might
as well leave the two c
The use of a PRNG here is useless. No matter what, the generated salt
string is completely determined by the initial value of x.
In fact, since we only look at bits 16-27 and it's a LCG with a
power-of-2 modulus (so the high bits never affect lower bits), only
2^28 different salts can be produced.
Instead of limiting the possible generated salts to 2^32 different
ones, try to get some actual random bits and mix those in. Keep the
old pseudo-random generation in place, so that even if
open_read_close() fails or only returns a partial result, we're not
doing any worse than previously.
In fact
Due to the implementation of crypt_make_salt(), it used to make sense
that the length parameter was only half of the expected length of the
salt, but that's not so any more, so clean it up and make the callers
pass the desired length directly.
Signed-off-by: Rasmus Villemoes
---
libbb/pw_encrypt
Fiona Klute writes:
> Harald van Dijk wrote:
>> On 21/07/2024 13:10, Nop wrote:
>>> Newer GCC increased diagnostics levels resulting in considering the test
>>> code to be invalid. The resulting message was misleading, saying that
>>> ncurses is not found, while it is actually found because GCC o
