Cheap Salt? #40

Closed
StormTide opened this Issue Jan 7, 2014 · 1 comment

Projects

None yet

2 participants

@StormTide

https://github.com/Yubico/yubikey-personalization/blob/6f669f5a1a1b4b02a10c82bdb96e8c077e01481b/ykpers.c#L352

Salting from time seems like a questionable activity. Is there any known scenario where this is called into?

@klali
Member
klali commented Jan 9, 2014

This code is called into when the CLI is running on windows and no aeskey is supplied.

That whole code-path is weird and of questionable usefulness, I'm about to push a line of commits that throws an error in that function instead and stops using it from the CLI.
Thanks for bringing our attention to it!

/klas

@klali klali closed this in bb87c6c Jan 9, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment