Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:114090 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 35676 invoked from network); 22 Apr 2021 01:45:12 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 22 Apr 2021 01:45:12 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 7817F1804CC for ; Wed, 21 Apr 2021 18:48:06 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: **** X-Spam-Status: No, score=4.0 required=5.0 tests=BAYES_50, HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-lj1-f176.google.com (mail-lj1-f176.google.com [209.85.208.176]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Wed, 21 Apr 2021 18:48:05 -0700 (PDT) Received: by mail-lj1-f176.google.com with SMTP id b38so8796850ljf.5 for ; Wed, 21 Apr 2021 18:48:05 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=VfE7pu7+MoZq/9QoGb47fD/JaaJWwgDcGTDF5V9lsa8=; b=F9xElilfhjyxepeRHkE8WcZarZtrgBxe5Vhci4201/EtWO0bHpm+Li9kx/cKSVBy+v 8z7yNvACwHpopIs0bj1i/swCLr+AlPmElqoNnIeFmgeSI8H9otICXiQYeDPNr3Tm+l4a UvzrVAY306piSotiJdGz7qT87m2j7ItD9aQ8gI+A8bStV+xPQmfuvI2MZU7tQH5a4w5t V6Dth+CnFVqUiRqTzlm4aUGfeZnKE2JnOutZBREzkWsVzCHF7QYdTZl9EC+5nCyX71K5 CFvSHaLR1ypFjyud8KE9ambTjDCt2oQFib6fznXPmED1RKhNKgPhRk/zpVt+rpEh/28U Ct9Q== X-Gm-Message-State: AOAM530Z8ybJvJml62SjEOZHLWUF5b2qMCAnmdWw3WLNKorW8SVYRB/G UcoVR6F3AqYs+qozBitZ8TAV/KoSUgLuRXa0ePf/kz6ZFp0F8H00 X-Google-Smtp-Source: ABdhPJzLsdOdNLvhlRMFv0hRtZrFNKvIgGtLNoZEwANPiQLd8OCrCncYO6IxURvNbo224Bo7vNbMZvzOOYj56tjZnms= X-Received: by 2002:a2e:5716:: with SMTP id l22mr773949ljb.244.1619056081797; Wed, 21 Apr 2021 18:48:01 -0700 (PDT) MIME-Version: 1.0 Date: Wed, 21 Apr 2021 20:47:51 -0500 Message-ID: To: PHP internals Content-Type: multipart/alternative; boundary="000000000000a097fc05c085decd" Subject: Binary (un)safety of password_hash() used with PASSWORD_BCRYPT From: pollita@php.net (Sara Golemon) --000000000000a097fc05c085decd Content-Type: text/plain; charset="UTF-8" I have this notion that we've discussed this before, I'm certain I knew that bcrypt wasn't binary safe, but someone reminded me that password_hash() could be called with null bytes in the password itself and that is just SCREAMING to have some safety-rails put on IMO. So I've thrown together https://github.com/php/php-src/pull/6897 to test that argon2 algos behave well (they do!), and modified the bcrypt algo to throw an exception if you try to hash a new password containing a null, but only warns if you've got a null when running password_verify(). My reasoning for the latter is because anyone trying to auth with a null character that succeeds does definitely know enough of the password to pass by simply not passing the null, so we shouldn't break existing users who already have hashes. This only aims to break users who would otherwise be able to include a null, because they would have a false sense of security having their password truncated and can remedy that in their password choosing. Since this does introduce a (small) break, I'm putting it to the list for opinions. If nobody objects, I'll merge this (8.1 only) at the end of the month. -Sara --000000000000a097fc05c085decd--