diff options
author | Jan Kundrát <jkt@flaska.net> | 2014-10-03 21:46:31 +0200 |
---|---|---|
committer | David Pursehouse <david.pursehouse@sonymobile.com> | 2014-11-20 09:56:39 +0900 |
commit | 9f8a45f4cb4beb956fd370a5b9f48558e534f7f3 (patch) | |
tree | 1f9eca672162c37303f5d68aa65c9da12b68c6bc | |
parent | 3921163d4866f6e157ca5eac1f1e86cc2f42a9a9 (diff) |
Do not throw away random bytes from the CSPRNG
The older code generated LEN bytes of cryptography-safe random data
and applied the base64 encoding on top of that. The base64
transformation, however, inflates the size of the data by 33%, and
this means that only 9 bytes of randomness were actually used.
Unless the goal was to discard some of the CSPRNG output to make sure
that we do not leak too much stuff to a possible attacker, of course
("attacker" == "user generating passwords"). If that is the case, let
me know and I'll send a patch clarifying that this is by design.
Change-Id: Ie90ccc8012b3f6b9f80b74b879b713bc6959a874
-rw-r--r-- | gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java index f7061e3738..2e0a91c179 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/PutHttpPassword.java @@ -124,8 +124,8 @@ public class PutHttpPassword implements RestModifyView<AccountResource, Input> { rng.nextBytes(rand); byte[] enc = Base64.encodeBase64(rand, false); - StringBuilder r = new StringBuilder(LEN); - for (int i = 0; i < LEN; i++) { + StringBuilder r = new StringBuilder(enc.length); + for (int i = 0; i < enc.length; i++) { if (enc[i] == '=') { break; } |