Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not use 0 in the generated temporary password #448

Closed
szszszsz opened this issue Jun 6, 2020 · 0 comments
Closed

Do not use 0 in the generated temporary password #448

szszszsz opened this issue Jun 6, 2020 · 0 comments
Labels
good first issue prio:high
Milestone
1.5

Comments

@szszszsz
Copy link
Member

szszszsz commented Jun 6, 2020

libnitrokey processes the binary password with strcpy, thus binary 0 might shorten the temporary password. Do not include 0 value in the generated pass to workaround this bug for backwards compatibility.

Connected: Nitrokey/libnitrokey#180

nitrokey-app/src/GUI/Authentication.cpp

Lines 122 to 129 in 2151df4

static std::uniform_int_distribution<unsigned char> dist(0, 0xFF);
auto temporary_password_length = 25;
QByteArray tmp_p(temporary_password_length, 0);
auto size = tmp_p.size();
for (int i = 0; i < size; i++){
tmp_p[i] = dist(mt);
}

@szszszsz szszszsz added this to the 1.5 milestone Jun 6, 2020
szszszsz added a commit that referenced this issue Aug 11, 2021
@szszszsz
Do not use 0 in the generated temporary password
14e991a 
Fixes #448
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue prio:high
Projects
None yet
Milestone
1.5
Development

No branches or pull requests
1 participant
@szszszsz