Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:114106 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 33973 invoked from network); 22 Apr 2021 20:24:31 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 22 Apr 2021 20:24:31 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 64A861804DC for ; Thu, 22 Apr 2021 13:27:38 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_NONE autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mo4-p00-ob.smtp.rzone.de (mo4-p00-ob.smtp.rzone.de [85.215.255.25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 22 Apr 2021 13:27:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619123255; cv=none; d=strato.com; s=strato-dkim-0002; b=e4WA6UDI5RwMupyJOZR4D80uEkIknBS69QD1ISwcx2JnzErjytfLf3t+zgL+5XeQ5+ lkgRID/1KyKjD5jLEPk2e4kAi3XGpUiZ/mJr5/3lbHA29TqYan5L7DmW/G3lJXtcL2/q 7vYFLgRGYQwqJAnzCijfBhOqqpsB/jpaIPGwbhoD4xNd75X70jpKwXKc3W9BG5ZmQNv6 Y6P26DUi1sunhBjipfLjsn//7dhiQMZXY64nk0yJww7FfqhiNT/hLpW/+QkzUcxO3UED 0IJj0B74wVaefhEI8HXy/8IJSoVoTV62LgrtPQER8/aibeKNtPTtJ6atwjoAAL8i7LQ/ WrPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; t=1619123255; s=strato-dkim-0002; d=strato.com; h=Cc:To:Subject:Message-ID:Date:From:In-Reply-To:References:Cc:Date: From:Subject:Sender; bh=tFD7HIEBHDES5SmeAHrTsgZ4Pu+lPE7AJdBjTF+g1w8=; b=ls7O9tLBLnM9cHv++hWIcaesmcM1m/bpHKiXScZIZv/i67+HgwJ1kY7twy/mvHvDVi 56G07XOUuDVOTzep5SJd28zzNokMQMaJiE8UDhLGfSZDwNGhtQwCqjkFu0/2SD5sFsHG AMWMm4naL0hgn2nfrRJrY27KnCqWkrOvh6MtKF+OavzMIAgEBb97iKynhVzBrIs3cjTR tByMFNQL6Qxge7XXLdnuU6OOVHG99JaZKtJH/elO42MDh3uIWoBbrIvYuk2wxffu5JIs 05UUlzPxMcSvgS4VIIIznt4e/YPUjc6XdKwPP/q1x/NRK1UhpI6A4tpnLnZCj0sGxRBt reBw== ARC-Authentication-Results: i=1; strato.com; dkim=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1619123255; s=strato-dkim-0002; d=kelunik.com; h=Cc:To:Subject:Message-ID:Date:From:In-Reply-To:References:Cc:Date: From:Subject:Sender; bh=tFD7HIEBHDES5SmeAHrTsgZ4Pu+lPE7AJdBjTF+g1w8=; b=cTL4YW1pXbmnI9NlN/fj12QRCafht20gOHCkWmi0pcQw7jwAtZRwwhinfPGrlZB7UT 5guJUBc6+Ndvgtnvf0OPFsdRZY398GI9EDeCvv/KIjxnoOjJwy4My8TgaoHU5LULUymZ EqitlpNAKN2w6+E/3XPpujw3dtvsAw3TOW0DI5M+91DiaaYYGJUCsXOOy7Jwi9o23Cxo G3vkhfXevLiTWYck3ZiwD4hDXj7OglvFuz7qHayOVi2y0qxOkcaOMiJCY7BcvpCr652Z UEf0ziMZO2o0sAsHxC2m+1OAw7y0mDjKdtNHeraEO8sJT/xWD1ND6BIIgFO6Zt3zBrtD yjTg== Authentication-Results: strato.com; dkim=none X-RZG-AUTH: ":IWkkfkWkbvHsXQGmRYmUo9mlsGbEv0XHBzMIJSS+jKTzde5mDb8AaBYcZi8scA==" X-RZG-CLASS-ID: mo00 Received: from mail-pf1-f180.google.com by smtp.strato.de (RZmta 47.24.3 AUTH) with ESMTPSA id R0b4f3x3MKRZW64 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate) for ; Thu, 22 Apr 2021 22:27:35 +0200 (CEST) Received: by mail-pf1-f180.google.com with SMTP id h15so14866647pfv.2 for ; Thu, 22 Apr 2021 13:27:35 -0700 (PDT) X-Gm-Message-State: AOAM530bJfGDRFbIqvLZOFbnBzN6NduoszZUeyPcEMX6nQfYmCvc5wos xU9+tft53MFErUW4e4kbgsViIh/BB9SvXqBEzCQ= X-Google-Smtp-Source: ABdhPJxX+3+BYqP5Bt9O+7aUwwhuz0ltd6OWzxyWWs8TkyJzKWq4T2DsIJUDvjNYgSyNDMABM5n8p4LGi71oTJ3ojts= X-Received: by 2002:a05:6a00:1651:b029:241:afa4:92b1 with SMTP id m17-20020a056a001651b0290241afa492b1mr564469pfc.12.1619123254220; Thu, 22 Apr 2021 13:27:34 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Date: Thu, 22 Apr 2021 22:27:25 +0200 X-Gmail-Original-Message-ID: Message-ID: To: Sara Golemon Cc: PHP internals Content-Type: multipart/alternative; boundary="0000000000006a5de605c09582b0" Subject: Re: [PHP-DEV] Binary (un)safety of password_hash() used with PASSWORD_BCRYPT From: me@kelunik.com (Niklas Keller) --0000000000006a5de605c09582b0 Content-Type: text/plain; charset="UTF-8" Sara Golemon schrieb am Do., 22. Apr. 2021, 17:27: > On Thu, Apr 22, 2021 at 12:58 AM Niklas Keller wrote: > > Thank you for your work. I think this is a really good safety check to > have. I'd however go a step further and also throw on NUL in > password_verify. > > > > You seem to assume that NUL bytes as input come from the end user, but I > think it's more likely the developer uses a hash function with raw output > as a pre-encoding, for reasons such as bringing long passwords below the > bcrypt character limit. > > > > I definitely am making the assumption you describe and it slightly > horrifies me to learn that people are using a pre-digest (though I can > understand why they would; ostensibly this should improve significance of > the input bits). > > Do you have a link to places where frameworks are doing this? I built a > contrived example which I think summarizes the behavior you described here: > https://3v4l.org/6tunp I have links to a library / blog post: https://github.com/paragonie/password_lock https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016#why-bcrypt We're probably better off returning false for verify then instead of throwing? Hash could hash a random password instead if NUL bytes are present. Best, Niklas > > -Sara > --0000000000006a5de605c09582b0--