Daniel Micay on Twitter: "@RichFelker @IanColdwater I was curious so I checked to see if toybox was doing it wrong and that's sane: https://t.co/qAt6SpuOXF. I didn't know the BusyBox code was such an awful mess full of commented out code and hacks. Also, what the hell is up with that TLS support? https://t.co/es62HvQqTM" / Twitter

TIL busybox generates password salts from current time in usec. Does this matter? Probably not, but seems mildly sus.

123

Replying to

Huh.

Replying to

The busybox cryptpw/mkpasswd utility, or passwd command.

Replying to

and

I was curious so I checked to see if toybox was doing it wrong and that's sane: github.com/landley/toybox. I didn't know the BusyBox code was such an awful mess full of commented out code and hacks. Also, what the hell is up with that TLS support? github.com/mirror/busybox

github.com

toybox/password.c at aa16e0e2ccb366835c2aec0cb2f6e0e52497ede5 · landley/toybox

toybox. Contribute to landley/toybox development by creating an account on GitHub.

10:33 PM · Oct 16, 2021Twitter Web App

Likes

Conversation