lower salt randomize level from VeryStrong to Strong

this follows the documentation; the default is for longterm, not short lived
per-request/session rng
This commit is contained in:
psykose 2024-10-16 05:45:34 +02:00
parent 51b6dc8f3d
commit 367111171f

View file

@ -1,7 +1,7 @@
static void salt_password (string password, out string token, out string salt) { static void salt_password (string password, out string token, out string salt) {
const int SALT_BYTES = 8; const int SALT_BYTES = 8;
uchar salt_bytes[SALT_BYTES]; uchar salt_bytes[SALT_BYTES];
GCrypt.Random.randomize (salt_bytes); GCrypt.Random.randomize (salt_bytes, GCrypt.Random.Level.STRONG);
uchar salt_chars[2*SALT_BYTES+1]; uchar salt_chars[2*SALT_BYTES+1];
for (int i = 0; i < SALT_BYTES; i += 1) { for (int i = 0; i < SALT_BYTES; i += 1) {
salt_chars[2*i+0] = "0123456789abcdef"[(salt_bytes[i]>>4)&0xf]; salt_chars[2*i+0] = "0123456789abcdef"[(salt_bytes[i]>>4)&0xf];