From 0c0a7b6404c5de51241cdaa3eb159d014ef51024 Mon Sep 17 00:00:00 2001 From: Daniel Vassdal Date: Wed, 2 Jul 2014 19:19:55 +0200 Subject: m_password_hash: Use out_size as HMAC-key length, as RFC2104 recommends "In any case the minimal recommended length for K is L bytes (as the hash output length)." --- src/modules/m_password_hash.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/modules/m_password_hash.cpp b/src/modules/m_password_hash.cpp index 926ba5632..37effc79e 100644 --- a/src/modules/m_password_hash.cpp +++ b/src/modules/m_password_hash.cpp @@ -43,7 +43,7 @@ class CommandMkpasswd : public Command user->WriteNotice("Unknown hash type"); return; } - std::string salt = ServerInstance->GenRandomStr(6, false); + std::string salt = ServerInstance->GenRandomStr(hp->out_size, false); std::string target = hp->hmac(salt, stuff); std::string str = BinToBase64(salt) + "$" + BinToBase64(target, NULL, 0); -- cgit v1.2.3