Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:114095
Return-Path: <claude.pache@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 66865 invoked from network); 22 Apr 2021 08:16:59 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 22 Apr 2021 08:16:59 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 71CA01804DB
	for <internals@lists.php.net>; Thu, 22 Apr 2021 01:19:58 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <claude.pache@gmail.com>
Received: from mail-ed1-f50.google.com (mail-ed1-f50.google.com [209.85.208.50])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Thu, 22 Apr 2021 01:19:57 -0700 (PDT)
Received: by mail-ed1-f50.google.com with SMTP id j12so27345223edy.3
        for <internals@lists.php.net>; Thu, 22 Apr 2021 01:19:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=AfOKFeY8dNxuEzzNhLijSDgnzhWaOJnRJm06snKJobQ=;
        b=KfwMIAdh43Bo7E//ssCL94v8NCXUoHL7EGt/exZuWcIobOMiyNbj7aTkshvrPTc8Cj
         nGV3c6pVfzLPuwccV5pTQKqB/hBkw3Qs9Jts0oJNZ+73U+ExJV7e4jzf40osPftSrgbo
         h9eQ4Hi0BNsw3nPrSJdeHLBgpFcetyNSzc2F/0uuZAGbXSjNpm7gO5jM3e1RsnaVsz0x
         CLCD2Fht6J87uqUaOhMgoKr0PMGmf9Teq/K08tGhpz3CFTO3sm5QAuIWbQ2QJKnQXE4d
         EDTdeuH4goaIVxofMIXfnYWXBUkZlIT5Z9K4G1m2y8UedAEnoa4e+so7SRnTaBDSvdRJ
         4pCw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=AfOKFeY8dNxuEzzNhLijSDgnzhWaOJnRJm06snKJobQ=;
        b=Y1mfEGJSLfmMcfu/hvpwWjhTK23QYpMHz6wWB+WSsXl9unmNVhgcKRYNlG2w6v9FKD
         Nxr5T4rO+MUzDd5p5DBHu8mxc9KFvKcO5fWeidGsmsYmrnRWEAogQjBo5FpTAgVwRi09
         AK2KjX8d4CgXGSwMC4XmYrNZMOQYa6OIH126MyedmDzdLg/enbUDNViKFEujmUBq3vDg
         xqOUElmBUoK6AhYD7gKevfkuBv9Qqg3l4nxseB+c7GnI2i/cJBcinzqXjxZlqzqcZZ13
         34/0xJgT0E9LAGLbkEQHoVQNk0RF57jX0FWETR0064Kh63J/qhair0E+AiHsbpCcmtj7
         Dvow==
X-Gm-Message-State: AOAM5300vYEbBq67VICPHkTxFl8c4ZEkAs/aKS6MqkeVGIYibxKLiyP2
	/YwSbkCcq9Ss7rhAghAPs1zo7uoqcXY=
X-Google-Smtp-Source: ABdhPJyLnQ7IZ23+eay7uEGk31FX0O9BnYGjQWr02V7Vu7ln8r/zD60x9+eH0fpHRqaAGr8Qa+5ZEg==
X-Received: by 2002:a05:6402:b31:: with SMTP id bo17mr2252621edb.46.1619079596881;
        Thu, 22 Apr 2021 01:19:56 -0700 (PDT)
Received: from claude.fritz.box ([89.249.45.14])
        by smtp.gmail.com with ESMTPSA id p9sm1414788edu.79.2021.04.22.01.19.56
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 22 Apr 2021 01:19:56 -0700 (PDT)
Content-Type: text/plain;
	charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
In-Reply-To: <CAESVnVpCK87GL=+nCvXuT7YS6-QPhF3=8LZSZuAusGFXoT006A@mail.gmail.com>
Date: Thu, 22 Apr 2021 10:19:56 +0200
Cc: PHP internals <internals@lists.php.net>
Content-Transfer-Encoding: quoted-printable
Message-ID: <AD48D597-6189-4035-B890-C5F5257BDCDF@gmail.com>
References: <CAESVnVpCK87GL=+nCvXuT7YS6-QPhF3=8LZSZuAusGFXoT006A@mail.gmail.com>
To: Sara Golemon <pollita@php.net>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
Subject: Re: [PHP-DEV] Binary (un)safety of password_hash() used with
 PASSWORD_BCRYPT
From: claude.pache@gmail.com (Claude Pache)



> Le 22 avr. 2021 =C3=A0 03:47, Sara Golemon <pollita@php.net> a =C3=A9cri=
t :
>=20
> I have this notion that we've discussed this before, I'm certain I =
knew
> that bcrypt wasn't binary safe, but someone reminded me that
> password_hash() could be called with null bytes in the password itself =
and
> that is just SCREAMING to have some safety-rails put on IMO.
>=20
> So I've thrown together https://github.com/php/php-src/pull/6897 to =
test
> that argon2 algos behave well (they do!), and modified the bcrypt algo =
to
> throw an exception if you try to hash a new password containing a =
null, but
> only warns if you've got a null when running password_verify().  My
> reasoning for the latter is because anyone trying to auth with a null
> character that succeeds does definitely know enough of the password to =
pass
> by simply not passing the null, so we shouldn't break existing users =
who
> already have hashes.  This only aims to break users who would =
otherwise be
> able to include a null, because they would have a false sense of =
security
> having their password truncated and can remedy that in their password
> choosing.
>=20
> Since this does introduce a (small) break, I'm putting it to the list =
for
> opinions.
> If nobody objects, I'll merge this (8.1 only) at the end of the month.
>=20
> -Sara

Hi,

The intention is good, but the solution not so, especially for =
password_verify. You introduce a new, subtle way for this function to =
behave unexpectedly; because currently, password_verify does not =
currently trigger warning when given input of correct type. (Or if it =
does, it must be documented and fixed, because it would be a bad thing.)

Also, the warning message you introduced contains =E2=80=9C... this hash =
should be regenerated using ...=E2=80=9D. There is already a dedicated =
function for conveying that information in a coder-friendly way, namely =
`password_needs_rehash()`: let=E2=80=99s use that (it implies that the =
default algorithm should be changed).

=E2=80=94Claude=