hmac-sha1 is now using getpid() for iteration counts: http://www.linuxfromscratch.org/~robert/new/shadow-openssl/shadow-4.0.4.1-openssl.diff9
The iteration count doesn't have to be random, just different. The password string contains the iteration number, so randomness does very little good. It is different with each new password just so folks won't be able to use a pre-generated crack dictionary, and they'll need a new dictionary for each password hash. I got sha512 working, but without copying identical code with different #define's I need to fix makefile.am to build the same file twice with different cppflags, and doing the autotools comes last. This patch uses arc4random() for password salt, for the moment. robert
pgpR0IEY9EAFK.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
