- if (passphrase_read(tag, PMODE_VERIFY, buf, sizeof(buf)))
- return (-1);
-
- /* --- Extract the key data --- *
- *
- * On the front, put four random bytes to act as a passphrase salt (which
- * remain in the clear), and four zero bytes to be able to spot duff
- * passphrases when unlocking.
- */
-
- DENSURE(&d, 8);
- rand_getgood(RAND_GLOBAL, d.buf, 4);
- memset(d.buf + 4, 0, 4);
- d.len += 8;
+ DENSURE(&d, RMD160_HASHSZ * 2);
+ rand_get(RAND_GLOBAL, d.buf, RMD160_HASHSZ);
+ d.len += RMD160_HASHSZ * 2;