diff options
| author | Alex Auvolat <alex@adnab.me> | 2020-01-27 17:01:32 +0100 |
|---|---|---|
| committer | Alex Auvolat <alex@adnab.me> | 2020-01-27 17:01:32 +0100 |
| commit | 3edaad9317db280db903a18ec85a70e6c32cabf9 (patch) | |
| tree | ffca975d10b64d374168e96ffe8a7fc1e5189493 | |
| parent | e7ded9d6b575870a17ce58f0192cc388984dfb4a (diff) | |
| download | bottin-3edaad9317db280db903a18ec85a70e6c32cabf9.tar.gz bottin-3edaad9317db280db903a18ec85a70e6c32cabf9.zip | |
Use better randomness
| -rw-r--r-- | main.go | 9 | ||||
| -rw-r--r-- | ssha.go | 8 |
2 files changed, 12 insertions, 5 deletions
@@ -12,7 +12,7 @@ import ( "fmt" "io/ioutil" "log" - "math/rand" + "crypto/rand" "os" "os/signal" "syscall" @@ -264,7 +264,10 @@ func (server *Server) init() error { } admin_pass := make([]byte, 8) - rand.Read(admin_pass) + _, err = rand.Read(admin_pass) + if err != nil { + return err + } admin_pass_str := base64.RawURLEncoding.EncodeToString(admin_pass) admin_pass_hash := SSHAEncode([]byte(admin_pass_str)) @@ -286,7 +289,7 @@ func (server *Server) init() error { } server.logger.Printf( - "It seems to be a new installation, we created a default user for you:\n\n dn: %s\n password: %s\n\nWe didn't use true random, you should replace it as soon as possible.", + "It seems to be a new installation, we created a default user for you:\n\n dn: %s\n password: %s\n\nWe recommend replacing it as soon as possible.", admin_dn, admin_pass_str, ) @@ -1,11 +1,12 @@ package main import ( + "log" "bytes" "crypto/sha1" "encoding/base64" "fmt" - "math/rand" + "crypto/rand" ) // Encode encodes the []byte of raw password @@ -38,7 +39,10 @@ func SSHAMatches(encodedPassPhrase string, rawPassPhrase []byte) bool { // makeSalt make a 32 byte array containing random bytes. func makeSalt() []byte { sbytes := make([]byte, 32) - rand.Read(sbytes) + _, err := rand.Read(sbytes) + if err != nil { + log.Panicf("Could not read random bytes: %s", err) + } return sbytes } |