Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:114103 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 9780 invoked from network); 22 Apr 2021 15:24:41 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 22 Apr 2021 15:24:41 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 324CE1804DB for ; Thu, 22 Apr 2021 08:27:42 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: * X-Spam-Status: No, score=1.4 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-lj1-f177.google.com (mail-lj1-f177.google.com [209.85.208.177]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 22 Apr 2021 08:27:41 -0700 (PDT) Received: by mail-lj1-f177.google.com with SMTP id u4so52306325ljo.6 for ; Thu, 22 Apr 2021 08:27:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mEt58/wi3cf/erNZTnLjJgiR9xIAEgWLmkP0vnMFQyA=; b=KIIiwPHuIpXb53+LnGnn7YwQ2GFRGQvqQy8PLvTqXEs/S3ojMGy0JBQw2EplQt+k7d SnPkYSkV5EabvOMpY9/nBJQ28DNEBeR3XUwNKxf9DOdT/Nxbox4kxFemEcr2jPZXLZVZ gp1bM6pzpspWccDfOMp5rlxNFTtGZ8rP6YL7DCTSW/pwO4fb9asjtxDKHt30jrzLCWmG 3Rg6LGvEbvQzggdFXJFU7hbqG/CJpL7fdPbMMBGilEalfHUY2Z/Suop8ft/9P1PPTC1P Roz/Nk264vFg0BCpP3lbye9vVZ89DROCRnedebJyjHjfntxeAA68MzTulm8D3xMq2M66 D18g== X-Gm-Message-State: AOAM532JpFeUREHUZ1qrbz8eUgkbT0PNWppK/kL+D+xVt20nfDZJUK75 TmCra4LgUXUxFTos6/lXfroPPuXe4L12sujX8g0W5kTrzN4WxQBm X-Google-Smtp-Source: ABdhPJx88bn31i6lxRb40jzYtGJHh84ARX9JC4Tq4p8rPLoPUEpZP+F9BhBJ3uXDWJEOLKd9rit3/cs3Une82G9zxoM= X-Received: by 2002:a2e:a543:: with SMTP id e3mr2796059ljn.433.1619105257774; Thu, 22 Apr 2021 08:27:37 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Date: Thu, 22 Apr 2021 10:27:27 -0500 Message-ID: To: Niklas Keller Cc: PHP internals Content-Type: multipart/alternative; boundary="000000000000be7b3c05c0915102" Subject: Re: [PHP-DEV] Binary (un)safety of password_hash() used with PASSWORD_BCRYPT From: pollita@php.net (Sara Golemon) --000000000000be7b3c05c0915102 Content-Type: text/plain; charset="UTF-8" On Thu, Apr 22, 2021 at 12:58 AM Niklas Keller wrote: > Thank you for your work. I think this is a really good safety check to have. I'd however go a step further and also throw on NUL in password_verify. > > You seem to assume that NUL bytes as input come from the end user, but I think it's more likely the developer uses a hash function with raw output as a pre-encoding, for reasons such as bringing long passwords below the bcrypt character limit. > I definitely am making the assumption you describe and it slightly horrifies me to learn that people are using a pre-digest (though I can understand why they would; ostensibly this should improve significance of the input bits). Do you have a link to places where frameworks are doing this? I built a contrived example which I think summarizes the behavior you described here: https://3v4l.org/6tunp -Sara --000000000000be7b3c05c0915102--