aboutsummaryrefslogtreecommitdiffstats
path: root/doc/manual
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-03-23 15:45:50 -0400
committerJack Lloyd <[email protected]>2017-03-24 10:55:38 -0400
commitc0901e801d72bb2fdf3a205f6debf5ed954567f8 (patch)
treea959f1ce5fb348d8160938a5bb4fb2070f3a6c71 /doc/manual
parentc936086354203ddf275435fff611d3e2c99e6975 (diff)
Fix incorrect password truncation in bcrypt password hashing.
The 56 char bound is bogus; Blowfish itself allows at most 448 bits in the key schedule, but Bcrypt's modification allows up to 72 chars for the password. Bug pointed out by Solar Designer. Also reject work factors 0...3 since all other extant bcrypt implementations require at least work factor 4. Adds more bcrypt tests generated by crypt_bcrypt and OpenBSD's version.
Diffstat (limited to 'doc/manual')
-rw-r--r--doc/manual/passhash.rst25
1 files changed, 21 insertions, 4 deletions
diff --git a/doc/manual/passhash.rst b/doc/manual/passhash.rst
index b3db1f3e7..725fc5535 100644
--- a/doc/manual/passhash.rst
+++ b/doc/manual/passhash.rst
@@ -85,12 +85,22 @@ Bcrypt provides outputs that look like this::
"$2a$12$7KIYdyv8Bp32WAvc.7YvI.wvRlyVn0HP/EhPmmOyMQA4YKxINO0p2"
+Currently only the `2a` bcrypt format is supported.
+
.. cpp:function:: std::string generate_bcrypt(const std::string& password, \
RandomNumberGenerator& rng, u16bit work_factor = 10)
- Takes the password to hash, a rng, and a work factor. Higher values
- increase the amount of time the algorithm runs, increasing the cost
- of cracking attempts. The resulting hash is returned as a string.
+ Takes the password to hash, a rng, and a work factor. Higher work
+ factors increase the amount of time the algorithm runs, increasing
+ the cost of cracking attempts. The increase is exponential, so a
+ work factor of 10 takes roughly twice as long as work factor 9.
+
+ The resulting password hash is returned as a string.
+
+ Work factor must be at least 4. The bcrypt format allows up to 31,
+ but Botan currently rejects all work factors greater than 18 since
+ even that work factor requires roughly 30 seconds of computation on
+ a fast machine.
.. cpp:function:: bool check_bcrypt(const std::string& password, \
const std::string& hash)
@@ -105,7 +115,9 @@ Passhash9
----------------------------------------
Botan also provides a password hashing technique called passhash9, in
-``passhash9.h``, which is based on PBKDF2. Its outputs look like::
+``passhash9.h``, which is based on PBKDF2.
+
+Passhash9 hashes look like::
"$9$AAAKxwMGNPSdPkOKJS07Xutm3+1Cr3ytmbnkjO6LjHzCMcMQXvcT"
@@ -113,6 +125,11 @@ This function should be secure with the proper parameters, and will remain in
the library for the forseeable future, but it is specific to Botan rather than
being a widely used password hash. Prefer bcrypt.
+.. warning::
+
+ This password format string ("$9$") conflicts with the format used
+ for scrypt password hashes on Cisco systems.
+
.. cpp:function:: std::string generate_passhash9(const std::string& password, \
RandomNumberGenerator& rng, u16bit work_factor = 10, byte alg_id = 1)