Commit bdca8c01 authored by Adriaan de Groot

Correct salting array:

- Missing letter "w" and "W" in list of characters meant only 62
  letters, so less than 6 bits of randomness per salt char.
- A char array like this one still has a trailing NUL char which
  affects the sizeof. Since bounded produces a number < its second
  argument, need to discount the NUL so we only index into
  the letters-part of the string.

Add static_assert() to catch this.
parent 6b822924
......@@ -175,11 +175,14 @@ void User::setPath(const QDBusObjectPath &path) {
static char
saltCharacter() {
static const char saltCharacters[] = "ABCDEFGHIJKLMNOPQRSTUVXYZ"
"abcdefghijklmnopqrstuvxyz"
"./0123456789";
const quint32 index = QRandomGenerator::system()->bounded(0u, sizeof(saltCharacters));
static constexpr const quint32 letterCount = 64;
static const char saltCharacters[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"./0123456789"; // and trailing NUL
static_assert(sizeof(saltCharacters) == (letterCount+1), // 64 letters and trailing NUL
"Salt-chars array is not exactly 64 letters long");
const quint32 index = QRandomGenerator::system()->bounded(0u, letterCount);
return saltCharacters[index];
}
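Review bot: the static_assert in saltCharacter() pins only the array length, so it catches a dropped character such as the missing "w"/"W" but not a duplicated or mistyped one that keeps the count at 64. A one-line comment above saltCharacters[] naming the intended set (A-Z, a-z, '.', '/', 0-9) would make the literal easy to check by eye. The old bound of sizeof(saltCharacters) could also select the trailing NUL as a salt character, so it is worth stating next to the bounded(0u, letterCount) call that the upper bound is exclusive and deliberately leaves the NUL out. Style: `static constexpr const quint32 letterCount = 64;` carries a redundant `const`, since constexpr already makes the variable const.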