aboutsummaryrefslogtreecommitdiffstats
path: root/doc/security.rst
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-03-23 15:45:50 -0400
committerJack Lloyd <[email protected]>2017-03-24 10:55:38 -0400
commitc0901e801d72bb2fdf3a205f6debf5ed954567f8 (patch)
treea959f1ce5fb348d8160938a5bb4fb2070f3a6c71 /doc/security.rst
parentc936086354203ddf275435fff611d3e2c99e6975 (diff)
Fix incorrect password truncation in bcrypt password hashing.
The 56 char bound is bogus; Blowfish itself allows at most 448 bits in the key schedule, but Bcrypt's modification allows up to 72 chars for the password. Bug pointed out by Solar Designer. Also reject work factors 0...3 since all other extant bcrypt implementations require at least work factor 4. Adds more bcrypt tests generated by crypt_bcrypt and OpenBSD's version.
Diffstat (limited to 'doc/security.rst')
-rw-r--r--doc/security.rst11
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/security.rst b/doc/security.rst
index 2ab105efd..2a46ca3b2 100644
--- a/doc/security.rst
+++ b/doc/security.rst
@@ -15,6 +15,17 @@ mail please use::
This key can be found in the file ``doc/pgpkey.txt`` or online at
https://keybase.io/jacklloyd and on most PGP keyservers.
+2017
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* 2017-03-23: Incorrect bcrypt computation
+
+ Botan's implementation of bcrypt password hashing scheme truncated long
+ passwords at 56 characters, instead of at bcrypt's standard 72 characters
+ limit. Passwords with lengths between these two bounds could be cracked more
+ easily than should be the case due to the final password bytes being
+ ignored. Found and reported by Solar Designer.
+
2016
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^