Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:75697 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 84794 invoked from network); 19 Jul 2014 15:27:45 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Jul 2014 15:27:45 -0000 Authentication-Results: pb1.pair.com header.from=ircmaxell@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=ircmaxell@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.220.175 as permitted sender) X-PHP-List-Original-Sender: ircmaxell@gmail.com X-Host-Fingerprint: 209.85.220.175 mail-vc0-f175.google.com Received: from [209.85.220.175] ([209.85.220.175:40715] helo=mail-vc0-f175.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 05/20-16457-F6E8AC35 for ; Sat, 19 Jul 2014 11:27:44 -0400 Received: by mail-vc0-f175.google.com with SMTP id hu12so9278139vcb.6 for ; Sat, 19 Jul 2014 08:27:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=FyWJ1jKxNyJ5lKqC44+uVj66PZ1P+MDyoVeShUFqWg0=; b=tzMbNqgEXj/ZRD3PdJLyy04VhYyZvxXGusqGWMV+z1T4GChsq25cEmlaivur0L0rbH GtwsrxQtgFdI/IeRmxW3b8oo02Pcsr8VEB5zWyWOO75GyOr1roXM77ksWQz5C1Khtfdm tfOkZWpWh0ilR3s2a18HFcB/9LCVRXYduxJb9QBv9XMdt6eYDiiMM40Sv7n4WIAqntm3 YDAnWlbRPv31X99do8Fx4yUmT+u3vDqWj+kH6LiFtfAW8wY0C3AZUIHqguUu2pnVCTsK GTd8VNPhs6oRflLAdvaheFJAkHjPbg9Pkqk3v+lpIkua/XnTkGqBP6GmM/A25YUGEXu6 06gw== MIME-Version: 1.0 X-Received: by 10.221.38.129 with SMTP id ti1mr3724452vcb.9.1405783660780; Sat, 19 Jul 2014 08:27:40 -0700 (PDT) Received: by 10.58.45.137 with HTTP; Sat, 19 Jul 2014 08:27:40 -0700 (PDT) In-Reply-To: References: Date: Sat, 19 Jul 2014 11:27:40 -0400 Message-ID: To: Yasuo Ohgaki Cc: Adam Harvey , Tjerk Meesters , Sara Golemon , "internals@lists.php.net" Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] crypt() BC issue From: ircmaxell@gmail.com (Anthony Ferrara) Yasuo > I'll suggest users to use SHA512 raw output as password to > remove 72 chars limitation if it is needed. Then you either misunderstood what I was saying, or completely ignored it. > Raising E_NOTICE for too long password for PASSWORD_BCRYPT > makes sense. I'll add it later. > > https://bugs.php.net/bug.php?id=67653 Please, don't change anything without first proposing an RFC so that sufficient discussion can occur. Literally every single person in this thread has disagreed with you, yet you want to go ahead and make changes. It's not saying that you are wrong, but that discussion needs to happen before any changes to security sensitive code and documentation. Also, Deprecating crypt() without first discussing it (and having an RFC to vote on) is not cool (and has been reverted): http://svn.php.net/viewvc/phpdoc/en/trunk/reference/strings/functions/crypt.xml?r1=333973&r2=334296 > Generally speaking, it would not be serious issue. 72 bytes constant prefix > would > not be used most likely. Correct. So if it's not a serious issue, why are we talking about adding serious warnings to documentation pages (big red boxes), and notices and pre-hashing? > However, bug like this in "authentication" code must be detected and > fixed. It's not a bug. It's by design. You could argue if it's a good design or not, but it's very much by design. > If password should be truncated, it should be truncated by app developers > explicitly and > notified users that their password had been truncated. IMHO. We disagree. So rather than just committing changes, why not draft up an RFC with your suggestions, which can be discussed and voted upon? > There's already a notice about this in the password_hash() docs, one that > almost looks like is designed to scare users, which is bad. Throwing an > E_NOTICE will cause more problems than it would supposedly solve. I agree 100%. It's on my list of things to do to "clean up" that warning, to word it to be less scary. And I agree 100% on the notice side as well. > Application developers should just state this limitation on their > registration/password change pages, anything else is pointless. I don't think so. If the end user enters a 72 character+ password, the chances of a collision because of the truncation are so small that it's not worth worrying about. However, it's worth documenting, as what you don't want is people inventing their own crypto by prefixing their own secret: password_hash(hash('sha512', SECRET_KEY) . $password, PASSWORD_DEFAULT) Which would then always produce the same hash (since the sha512 hash is 128 bytes long, truncation would happen too early). We should be educating people to avoid their own crypto. That was the entire point of the password_hash APIs. Make it so simple that it's difficult to screw up. Yet people will always find a way. The only way to solve that problem is education. And adding big red boxes isn't education. It's fear. Anthony