Diffstat (limited to 'auth.cpp')
-rw-r--r-- | auth.cpp | 31 |
1 files changed, 20 insertions, 11 deletions
@@ -3,8 +3,10 @@
 #include <crypt.h>
 #include <string.h>
-#include <stdexcept>
+#include <algorithm>
 #include <iostream>
+#include <random>
+#include <stdexcept>
 // crypt specified password
 std::string Auth::generate(const std::string& pw)
@@ -12,14 +14,22 @@ std::string Auth::generate(const std::string& pw)
 struct crypt_data data;
 memset((void *)&data, '\0', sizeof(data));
- char setting[1000];
-
- if (crypt_gensalt_rn("$6$", 2000, nullptr, 0, setting, sizeof(setting)) == nullptr)
- throw std::runtime_error("Error on crypt_gensalt_r()");
+ std::random_device rd;
+ std::mt19937 rng{rd()};
+ std::uniform_int_distribution<int> uid(0, 63);
+
+ std::string chars{std::string(std::string::size_type(64), char('a'))};
+ std::iota(chars.begin() , chars.begin() + 26, 'a');
+ std::iota(chars.begin() + 26, chars.begin() + 52, 'A');
+ std::iota(chars.begin() + 52, chars.begin() + 62, '0');
+ chars[62] = '.';
+ chars[63] = '/';
+
+ std::string salt{{chars[uid(rng)], chars[uid(rng)]}};
 char* result;
- if ((result = crypt_r(pw.data(), setting, &data)) == nullptr)
+ if ((result = crypt_r(pw.data(), salt.data(), &data)) == nullptr)
 throw std::runtime_error("Error on crypt_r()");
 return result;
@@ -31,16 +41,15 @@ bool Auth::validate(const std::string& crypted, const std::string& pw)
 struct crypt_data data;
 memset((void *)&data, '\0', sizeof(data));
- size_t pos = crypted.find_last_of('$');
- if (pos == crypted.npos) {
- std::cerr << "Warning: Bad password hash configured (format)" << std::endl;
+ if (crypted.size() < 2) {
+ std::cerr << "Warning: Bad password hash configured (size)" << std::endl;
 return false;
 }
- std::string setting{crypted.substr(0, pos)};
+ std::string salt{crypted.substr(0, 2)};
 char* output;
- if ((output = crypt_r(pw.data(), setting.data(), &data)) == nullptr) {
+ if ((output = crypt_r(pw.data(), salt.data(), &data)) == nullptr) {
 std::cerr << "Warning: Error on crypt_r()" << std::endl;
 return false;
 } |
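Review bot: The `std::iota` calls introduced in the generate() hunk are declared in `<numeric>`, and the includes added here (`<algorithm>`, `<random>`, `<stdexcept>`) do not bring that header in, so the build relies on whatever the toolchain's headers include transitively. Add `#include <numeric>` next to `#include <random>`; `<algorithm>` itself appears unused by the new code and could be dropped if nothing else in the file needs it.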
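Review bot: The setting now handed to crypt_r() is the bare two-character salt, which crypt(3) interprets as the traditional DES scheme rather than the SHA-512 ("$6$") scheme the removed crypt_gensalt_rn() call selected; DES crypt truncates the password to 8 characters, carries a 12-bit salt and no work factor, so a leaked credential store becomes far cheaper to attack than before, and libxcrypt builds with legacy hashes disabled may return nullptr here and land in the runtime_error below. Keep the scheme prefix and a full-length salt instead, e.g. `std::string salt{"$6$"}; for (int i = 0; i < 16; ++i) salt += chars[uid(rng)];`. The salt need not be secret, so the mt19937 layer adds nothing over drawing the indices from `std::random_device` directly, but that is a style point. generate() begins before this hunk and its closing brace is outside it.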
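Review bot: `crypted.substr(0, 2)` is used as the setting, so every hash written by the previous generate() (which starts with `$6$`) now yields the setting `$6`, crypt_r() cannot reproduce the stored value, and all existing credentials fail validation as an ordinary mismatch with no warning logged. crypt(3) takes the scheme prefix and salt from the setting and ignores the trailing hash characters, so passing the stored string whole accepts both the old and the new format: `if ((output = crypt_r(pw.data(), crypted.data(), &data)) == nullptr) {`, with the `salt` local removed and the `size() < 2` guard kept. validate() continues outside the hunk, so the comparison of `output` against `crypted` is not visible here.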