Newsgroups: php.internals
Subject: Re: [PHP-DEV] Binary (un)safety of password_hash() used with PASSWORD_BCRYPT
From: Kamil Tekiela <tekiela246@gmail.com>
To: Sara Golemon
Cc: Niklas Keller, PHP internals <internals@lists.php.net>
Date: Thu, 22 Apr 2021 17:04:28 +0100

I don't like throwing exceptions, for pretty much the same reasons as Nikita described. This is a rather limited attack vector. It depends either on the user going out of their way to make their password vulnerable, or on the developer introducing the vulnerability with the use of another function that mangles the passwords. The latter is more likely. In your example, you had to make the output of MD5 binary to make the function fail. In fact, as far as I know, browsers strip NUL bytes or convert them to the Unicode unknown character. See the spec: https://html.spec.whatwg.org/multipage/parsing.html#parse-error-unexpected-null-character

If developers want to add such measures as part of defence in depth, then the onus is on them to deal with passwords containing NUL bytes.

As for PHP's behaviour, what we could do is strip NUL bytes before hashing with bcrypt. This would still weaken passwords, but at least it wouldn't discard the rest of the string. We could also add a warning to the manual explaining that the function is not binary safe.
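As an added illustration of the failure mode under discussion (this is not code from the thread or from PHP itself), the following PHP shows the raw-MD5 pre-hashing pattern that can put a NUL byte into the password, the check a developer can run before calling password_hash(), and the usual mitigation of hex-encoding the pre-hash. Helper names are my own; the truncation shown is the behaviour the thread describes, and on builds that instead reject NUL bytes the ValueError is caught and reported.

```php
<?php
declare(strict_types=1);

// Constructed input: search for a password whose raw MD5 output contains a
// NUL byte after at least one other byte (roughly 1 in 18 candidates does).
function findPrehashWithNul(): array
{
    for ($i = 0; ; $i++) {
        $password = "correct horse battery staple $i";
        $raw = md5($password, true);           // 16 raw bytes, not printable
        $pos = strpos($raw, "\0");             // strpos() is binary safe
        if ($pos !== false && $pos > 0) {
            return [$password, $raw, $pos];
        }
    }
}

// Check a caller can run before handing a pre-hash to PASSWORD_BCRYPT.
function containsNul(string $s): bool
{
    return strpos($s, "\0") !== false;
}

// Mitigation: encode the pre-hash so it is NUL-free. Hex SHA-256 is 64 bytes,
// which also stays under bcrypt's 72-byte input limit.
function safePrehash(string $password): string
{
    return hash('sha256', $password);          // lowercase hex, no NUL bytes
}

[$password, $raw, $pos] = findPrehashWithNul();
printf("NUL at byte %d of the raw MD5 of %s\n", $pos, var_export($password, true));

// Unsafe: raw pre-hash handed straight to bcrypt.
try {
    $hash = password_hash($raw, PASSWORD_BCRYPT);
    // With the truncation this thread describes, only the bytes before the
    // NUL are hashed, so a password consisting of just that prefix verifies.
    $prefixOnly = substr($raw, 0, $pos);
    var_dump(password_verify($prefixOnly, $hash));
} catch (\ValueError $e) {
    // Assumption: some PHP builds reject the NUL byte up front instead.
    echo "password_hash() rejected the NUL byte: {$e->getMessage()}\n";
}

// Safe: detect the binary pre-hash, or encode it before hashing.
var_dump(containsNul($raw));                                    // true: refuse or encode
$safe = password_hash(safePrehash($password), PASSWORD_BCRYPT);
var_dump(password_verify(safePrehash($password), $safe));       // true
var_dump(password_verify(safePrehash($password . 'x'), $safe)); // false
```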