Interoperability issue with PHP implementation (and others) when truncating long password #22
Comments
|
Hmm interessting, the 71 bytes are because the last byte needs to be a null-terminator byte. Are you sure this isn't just an issue with this specific bcrypt hasher? I |
|
Well, all other libraries works, except this one, so I'm inclined to think the issue is here. For reference, tested libraries are: Edit: I hope my comment doesn't sound too harsh. I know bcrypt is kind of a mess implementation-wise so I don't blame you 😉. I just want to go to the bottom of this issue, and hopefully fix any issues. |
|
No offense taken :) I will look into it, Im a bit out of the topic so I have to reread the issue, AFAIK since version 2a a null terminator must be present as the last characther, but maybe there are different interpretations on how to behave with 72+ long passwords. |
|
Alright 😺 Don't hesitate to ask for help, I'll assist if I can 😉 |
|
I was thinking about it, and for when looking at other implementation, I noticed that no truncation on input is ever performed. Your lib is the only one really truncating before running the bcrypt algorithm. I don't know if it's linked to the way the algorithm is implemented, or the platform limitation. Maybe if we simply use a "pass-through" and let the algorithm naturally truncate the input, the issue won't be seen anymore? Just a thought. |
|
I wanted to simulate the way, I understood, other bcrypt implementations to work - i.e. I derived the raw hashing algorithm from jBcrypt which does not truncate or have an opinion on hash length, therefore I wanted to "correctly" truncate the input to 72 byte (ie. 71+null terminator) - but let's see if this is correct. My idea ist to provide a simple "hack" for v0.9.0 and do a more elegant fix in v1.0.0 in combination with #27 |
|
After revisiting the issue, I'm still quite sure my implementation is correct: Bcrypt uses blowfish internally which uses 18x32bit words, i.e. the absolute maximum possible byte length that the hash can process is 72 bytes. According to this since version That being said, to be able to be compatible, I altered the implementation to allow a See PR #28 Reference: |
|
@Indigo744 I, again, appreciate your input for #28 |
|
Thank you! I'll look into it. If you can wait a bit, we have some more tests coming in tomorrow. |
|
#28 is merged |
Hello,
Interoperability is quite important for us, since we have 4 different software developed in different languages (Java, C#, C++, PHP) using the same database.
We have detected a very serious interoperability issue with this library when dealing with long password (and truncating strategy).
If we generate a hash like this:
With password =
We obtain hash =
$2y$12$BhmM4lJ91dMTHQoh3XgxY.QZg2j1EfH6DpiwmgufAAHImqCSvA/b.If we take this hash and try to verify it using PHP (using password_verify()), the check will fail.
You can quickly try it using this handy online tool: https://bcrypt-generator.com
After looking into the code, we though that the issue could come from the truncating strategy.
We tried overriding the
MAX_PW_LENGTH_BYTE:The new hash generated was
$2y$12$wHUr.PTUQPb7.CsK/0jHq.G4m6uIiHinBDBsWf2/cnwwwANZceQYmAnd this one works:
The text was updated successfully, but these errors were encountered: