NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > OpenBSD Security> cvs
> OpenBSD CVS Commits> 2006-03

CVS: cvs.openbsd.org: src

From: Todd C. Miller (millertcvs.openbsd.org)
Date: Thu Mar 09 2006 - 13:14:10 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

CVSROOT: /cvs
Module name: src
Changes by: millertcvs.openbsd.org 2006/03/09 12:14:10

Modified files:
        libexec/login_chpass: login_chpass.c
        libexec/login_krb5-or-pwd: Makefile
        libexec/login_lchpass: login_lchpass.c
        libexec/login_passwd: Makefile common.h login_passwd.c
        libexec/login_reject: Makefile login_reject.c

Log message:
Foil potential timing attacks by using the correct password hash
instead of "xx". In practice this means bcrypt() will be used for
non-existent users instead of DES crypt().
Adapted from a patch by Peter Philipp. OK deraadt

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]