diff options
author | Jack Lloyd <[email protected]> | 2017-03-23 15:45:50 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-03-24 10:55:38 -0400 |
commit | c0901e801d72bb2fdf3a205f6debf5ed954567f8 (patch) | |
tree | a959f1ce5fb348d8160938a5bb4fb2070f3a6c71 /doc/security.rst | |
parent | c936086354203ddf275435fff611d3e2c99e6975 (diff) |
Fix incorrect password truncation in bcrypt password hashing.
The 56 char bound is bogus; Blowfish itself allows at most 448 bits
in the key schedule, but Bcrypt's modification allows up to 72 chars
for the password. Bug pointed out by Solar Designer.
Also reject work factors 0...3 since all other extant bcrypt
implementations require at least work factor 4.
Adds more bcrypt tests generated by crypt_bcrypt and OpenBSD's version.
Diffstat (limited to 'doc/security.rst')
-rw-r--r-- | doc/security.rst | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/security.rst b/doc/security.rst index 2ab105efd..2a46ca3b2 100644 --- a/doc/security.rst +++ b/doc/security.rst @@ -15,6 +15,17 @@ mail please use:: This key can be found in the file ``doc/pgpkey.txt`` or online at https://keybase.io/jacklloyd and on most PGP keyservers. +2017 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +* 2017-03-23: Incorrect bcrypt computation + + Botan's implementation of bcrypt password hashing scheme truncated long + passwords at 56 characters, instead of at bcrypt's standard 72 characters + limit. Passwords with lengths between these two bounds could be cracked more + easily than should be the case due to the final password bytes being + ignored. Found and reported by Solar Designer. + 2016 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |