Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:91976 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 78085 invoked from network); 28 Mar 2016 07:22:17 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 28 Mar 2016 07:22:17 -0000 Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.53 as permitted sender) X-PHP-List-Original-Sender: pierre.php@gmail.com X-Host-Fingerprint: 209.85.218.53 mail-oi0-f53.google.com Received: from [209.85.218.53] ([209.85.218.53:34182] helo=mail-oi0-f53.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 08/FA-03797-7ABD8F65 for ; Mon, 28 Mar 2016 02:22:16 -0500 Received: by mail-oi0-f53.google.com with SMTP id o62so47931828oig.1 for ; Mon, 28 Mar 2016 00:22:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=iJGNk3i56YNMUZLipzXOdmktKGqbUEVKqoquHY4KYrs=; b=PInsDwa72QkMoy0hCQgu4kSIN0yf7RhV/6hz5NLNK+45OB9QG/LUfp/MrUr55ESW/3 wqzzMxXJ4ANew9IHCVKVcMeJb1sMKHeBF3kLKRL91+Vgh5JgNjUbUkDYLEQGT2aB4yUj t/kjYN3FfZ8I6rgB1uSYpkQw0dJNUySDrHdWsNg6A+fMj3IFChRPBrAVa8MW4TUxTzyo yBAchxeXS2zAWGzMMUf/2qMwlSQxRiWqSoh3re9NfYYuZqHFqTWUmYvjGbjj21jOZC6t 0emT8zOMkQ/groynmjcmQ87s+/6Ipy0gsTbafjcpEareifG6JvSfVjLph0ZLz+z973Wm TrrQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=iJGNk3i56YNMUZLipzXOdmktKGqbUEVKqoquHY4KYrs=; b=SOAphX6y3ZmCiuGYowA4lW/EGfqxlAkXEBfZrM1P3iz5zR2EC4Yj1NHjr+dqJ1mCIS UNDav5RvEDwvYlAS52LboOy4y/UAnuTYYMuHf0VNYKZoLFriBAa9k3OhXfYW980UWJ+e Vl2zFLbrkZDZyit6OObbaTT5fAqMzBPq+ncjxFpW8cS6YxRF566TKPTZ1cjA1TyE52Rw mvRZCq6TL5l/m4FRVJOlu0Au+F9v1ceKAN5QiF8q4bxCrrQ2tLeXY+OnZS5KLG9DKidm mRIJQZELA0Czp5foWIqYle3Tem0kohyHdk+CryACka5aU/clC23Y7asWsfOMduPWTtPL sp9g== X-Gm-Message-State: AD7BkJIoArIFV9Hn7dI1yCgNOKbllpwTSQzQGbt61dmyxmlLo69ACrmOUf02vHV9XaSkiOcwfF0vi1xi0mpKnw== MIME-Version: 1.0 X-Received: by 10.157.15.209 with SMTP id m17mr8293134otd.23.1459149733239; Mon, 28 Mar 2016 00:22:13 -0700 (PDT) Received: by 10.202.215.193 with HTTP; Mon, 28 Mar 2016 00:22:13 -0700 (PDT) In-Reply-To: <20160327151603.GA31135@openwall.com> References: <20160327151603.GA31135@openwall.com> Date: Mon, 28 Mar 2016 14:22:13 +0700 Message-ID: To: Solar Designer Cc: PHP internals Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] crypt_blowfish salt padding From: pierre.php@gmail.com (Pierre Joye) Hi Alexander, On Sun, Mar 27, 2016 at 10:16 PM, Solar Designer wrote: > Hi, > > This commit: > > commit 03315d9625dc87515f1dfbf1cc7d53c4451b5ec9 > Author: Pierre Joye > Date: Mon Jul 18 21:26:29 2011 +0000 > > - update blowfish to 1.2 (Solar Designer) > > documented this hack: > > $ git show 03315d9625dc87515f1dfbf1cc7d53c4451b5ec9 | fgrep -i hack > + if (tmp == '$') break; /* PHP hack */ \ > + while (dptr < end) /* PHP hack */ > > I vaguely recall a PHP developer (Pierre?) mentioning this at the time, > and I guess I didn't object strongly enough - perhaps because the hack > itself was in there before. I cannot remember why I added this comment there but as far as I can tell now this code was present before, actually since the very first version I use when I first make blowfish always available for PHP using your implementation. See: https://github.com/php/php-src/commit/1e820eca02dcf322b41fd2fe4ed2a6b8309f8ab5#diff-243b169f3d5e753b5314e8eb994e36bc I cannot say why it is specific to PHP. Is it something that may have been present in your implementation earlier and then removed but kept in PHP for some BC reasons? > Well, this PHP-specific behavior confuses people in several ways. It's > especially weird that the behavior may be seen or may be gone on the > same PHP version depending on whether it uses PHP's bundled (and hacked > as above) copy of crypt_blowfish or an implementation of bcrypt provided > by the underlying system. Maybe PHP should not use the system's crypt() > for whatever hash types it has bundled code for - and not only because > of this issue. > > As to the hack above, I didn't review it closely (I disapprove of it > anyhow), but maybe it doesn't even work reliably when the code is > compiled in: some people are reporting that salts are padded with dots > (which correspond to all zero bits) and some that salts are padded with > '$' signs. I've just reproduced the latter on CentOS 7.1: > > $ php -r 'echo crypt("", "\$2a\$05\$0123456789"), "\n";' > $2a$05$0123456789$$$$$$$$$$$.UQ9ZZoltOie8zhLfF5KWLrJBeoos.S6 > $ php -v > PHP 5.4.16 (cli) (built: Jun 23 2015 21:17:27) > > Maybe there's an extra hack somewhere causing this, but I can't find it > easily. I'm not looking at the exact branch/package for CentOS, though. > Maybe it was a temporary PHP 5.4 thing. > > While padding with dots (zero bits) produces valid bcrypt hash strings > (it's just that the input salt strings were invalid), padding with '$' > signs produces invalid bcrypt hash strings. > > In practical terms, padding with dots (zero bits) is an unpleasant > surprise for people who choose to store their invalid salts and hashes > into separate database fields (and then authentication stops working > after some upgrade or migration, where the new system provides its > non-hacked bcrypt), and padding with '$' signs is also a similar > unpleasant surprise for people who store the full hash strings as > returned by crypt(). While those strings might work in the same way > with some bcrypt implementations, they may also be rejected (ideally, > like upstream crypt_blowfish does) or processed differently. > > I'm not sure whether/how PHP should recover from this now. -- Pierre @pierrejoye | http://www.libgd.org