MakeSalt function question

[bladewhistle]

Nice license library.

But I have aquestion about the salt generation.

It seems explicitSalt and implicitSalt are all generated by MakeSalt when generation a license.

In code below:

bool MakeSalt(Salt& salt)
{
    unsigned char tmp[32] = {0};

    std::string encoded;
    EncodeBase64(tmp, 32, encoded);
    salt = encoded;
    return true;
}

the salt based64 with empty string alwayas be 'AAAAAAAAAAAAA...', which will cause all salt be same. It will not be safe for usage. Is it necessary to customize the salt value with any interface?

[dererror33]

Of course. Use random generator.

[bladewhistle]

Thanks for quick reply.

I mean the license library should provide an interface to set the salt from outside. what do you think?

[dererror33]

"outside" where is it from?

[bladewhistle]

From my debug, I mean, currently the salt can be set to License instance directly. But when try to save license, in update method of 'LicenseManager'(line 483, 484), the salt will be force set by 'MakeSalt' method(with fixed base64 value 'AAAAAAAAA...'). So developer can only change this source code to update salt.