On Wed, Mar 19, 2003 at 11:26:18AM -0500, [EMAIL PROTECTED] wrote:
> I have been working with OTRS here for a bit, and needed to modify the
> source some, and had an idea I thought I would pass along.
>
> In Kernel/System/Auth/DB.pm, Kernel/System/User.pm,
> Kernel/System/CustomerUser/DB.pm and Modules/AdminSignature.pm the salt
> for the crypt() function is $User. My thought was to secure this some
> more by using a function like below to build a random salt for password
> encryption:
>
> sub random_salt
> {
>     my (@salt_set, $salt);
>     # the 64 characters that are valid in a crypt() salt
>     @salt_set = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');
>     # pick two of them at random
>     $salt = $salt_set[int(rand(64))] . $salt_set[int(rand(64))];
>     return $salt;
> }
>
> Since the password checking routine, Auth(), already reads the username
> and password from the system_users table one could get the salt for
> password verification easily:
>
> my $salt = $GetPw;
> $salt =~ s/^(..).*/$1/;

It sounds good to me (and it's compatible). Wiktor, what do you think?

> Andrew

Martin
--
Martin Edenhofer - <martin at edenhofer.de> - http://martin.edenhofer.de/
--
179 days to go until the Gäubodenvolksfest! ;-)
_______________________________________________
OTRS mailing list: dev - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/dev
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/dev
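
The proposal in this thread, as an added example that is not part of the original mails and not OTRS code: it hashes new passwords with a random two-character salt and verifies both those and legacy hashes salted with the user name, which is why the change is compatible. The names hash_password, check_password and %system_users are hypothetical, the sample rows are constructed, and a crypt() with traditional DES support is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The 64 characters valid in a traditional crypt() salt.
my @SALT_SET = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');

# A traditional crypt() result: 2 salt characters + 11 hash characters.
my $DES_HASH = qr{\A[A-Za-z0-9./]{13}\z};

# Random two-character salt. rand() is not a cryptographic generator;
# a salt is not a secret, it only has to differ between users.
sub random_salt {
    return join '', map { $SALT_SET[int rand @SALT_SET] } 1 .. 2;
}

# Hash a new password with a fresh salt; die if crypt() cannot produce
# a traditional hash on this platform.
sub hash_password {
    my ($password) = @_;
    my $hash = crypt($password, random_salt());
    die "crypt() returned no usable hash\n"
        if !defined $hash || $hash !~ $DES_HASH;
    return $hash;
}

# Verify a password. The stored value starts with its own salt, so the
# same code handles legacy (user name as salt) and random-salt rows.
sub check_password {
    my ($password, $stored) = @_;
    # Reject empty, truncated or error-token values before comparing.
    return 0 if !defined $stored || $stored !~ $DES_HASH;
    my $candidate = crypt($password, substr($stored, 0, 2));
    return (defined $candidate && $candidate eq $stored) ? 1 : 0;
}

# Constructed sample table: one legacy row, one row with a random salt.
my %system_users = (
    olduser => crypt('secret1', 'olduser'),   # legacy: salt taken from $User
    newuser => hash_password('secret2'),
);

for my $case (['olduser', 'secret1'], ['olduser', 'wrong'],
              ['newuser', 'secret2'], ['newuser', 'secret1']) {
    my ($user, $pw) = @$case;
    printf "%-8s %-8s %s\n", $user, $pw,
        check_password($pw, $system_users{$user}) ? 'accepted' : 'rejected';
}
```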