aboutsummaryrefslogtreecommitdiffstats
path: root/src/tests/data
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-03-23 15:45:50 -0400
committerJack Lloyd <[email protected]>2017-03-24 10:55:38 -0400
commitc0901e801d72bb2fdf3a205f6debf5ed954567f8 (patch)
treea959f1ce5fb348d8160938a5bb4fb2070f3a6c71 /src/tests/data
parentc936086354203ddf275435fff611d3e2c99e6975 (diff)
Fix incorrect password truncation in bcrypt password hashing.
The 56 char bound is bogus; Blowfish itself allows at most 448 bits in the key schedule, but Bcrypt's modification allows up to 72 chars for the password. Bug pointed out by Solar Designer. Also reject work factors 0...3 since all other extant bcrypt implementations require at least work factor 4. Adds more bcrypt tests generated by crypt_bcrypt and OpenBSD's version.
Diffstat (limited to 'src/tests/data')
-rw-r--r--src/tests/data/bcrypt.vec272
1 files changed, 271 insertions, 1 deletions
diff --git a/src/tests/data/bcrypt.vec b/src/tests/data/bcrypt.vec
index c78ab970a..de0eefbd2 100644
--- a/src/tests/data/bcrypt.vec
+++ b/src/tests/data/bcrypt.vec
@@ -1,5 +1,4 @@
-
# Generated by jBCrypt 0.3
Password = 616263
Passhash = $2a$05$DfPyLs.G6.To9fXEFgUL1O6HpYw3jIXgPcl/L3Qt3jESuWmhxtmpS
@@ -7,3 +6,274 @@ Passhash = $2a$05$DfPyLs.G6.To9fXEFgUL1O6HpYw3jIXgPcl/L3Qt3jESuWmhxtmpS
# http://www.openwall.com/lists/john-dev/2011/06/19/2
Password = A3
Passhash = $2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq
+
+# Following values from http://download.openwall.net/pub/projects/crypt/bcrypt-tester-1.0.tar.gz
+Password =
+Passhash = $2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy
+
+Password = 552A55
+Passhash = $2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW
+
+Password = 552A552A
+Passhash = $2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK
+
+Password = 552A552A55
+Passhash = $2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a
+
+Password = 303132333435363738396162636465666768696A6B6C6D6E6F707172737475767778797A4142434445464748494A4B4C4D4E4F505152535455565758595A303132333435363738396368617273206166746572203732206172652069676E6F726564
+Passhash = $2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui
+
+Password = A3
+Passhash = $2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq
+
+Password = FFFFA3
+Passhash = $2a$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e
+
+Password = FFA33334FFFFFFA3333435
+Passhash = $2a$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi
+
+Password = FFA3333435
+Passhash = $2a$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e
+
+Password = A36162
+Passhash = $2a$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS
+
+Password = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6368617273206166746572203732206172652069676E6F72656420617320757375616C
+Passhash = $2a$05$/OK.fbVrR/bpIqNJ5ianF.swQOIzjOiJ9GHEPuhEkvqrUyvWhEMx6
+
+Password = AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55
+Passhash = $2a$05$/OK.fbVrR/bpIqNJ5ianF.R9xrDjiycxMbQE2bp.vgqlYpW5wx2yy
+
+Password = 55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF
+Passhash = $2a$05$/OK.fbVrR/bpIqNJ5ianF.9tQZzcJfm3uj2NvJ/n5xkhpqLrMpWCe
+
+# Test very long (> 256 char) password
+# Generated by https://www.dailycred.com/article/bcrypt-calculator
+Password = 4142434445464748494a4b4c4d4e4f505152535455565758595a4142434445464748494a4b4c4d4e4f505152535455565758595a4142434445464748494a4b4c4d4e4f505152535455565758595a4142434445464748494a4b4c4d4e4f505152535455565758595a4142434445464748494a4b4c4d4e4f505152535455565758595a4142434445464748494a4b4c4d4e4f505152535455565758595a4142434445464748494a4b4c4d4e4f505152535455565758595a4142434445464748494a4b4c4d4e4f505152535455565758595a4142434445464748494a4b4c4d4e4f505152535455565758595a4142434445464748494a4b4c4d4e4f505152535455565758595b
+Passhash = $2a$04$nP0HWhorPRGl309OF27N0Oluj0wfAKWClP9gDcqOU1D.VF4x6bHTi
+
+# Generated by OpenBSD's bcrypt code
+
+Password =
+Passhash = $2a$04$......................w74bL5gU7LSJClZClCa.Pkz14aTv/XO
+
+Password = 41
+Passhash = $2a$04$......................1ylfG1rzUcx/p4E2WWXbK1hNBjulV/e
+
+Password = 4142
+Passhash = $2a$04$......................eLmsldq6Kef4lNzfsH3GLn5XEr9/dky
+
+Password = 414243
+Passhash = $2a$04$......................SeoxjjNIHEA7B01Yt2Fq2YNSKittPem
+
+Password = 41424344
+Passhash = $2a$04$......................5UWApRNcV8gDN6km6KdMC7MJRnFLJLi
+
+Password = 4142434445
+Passhash = $2a$04$......................aqTIOQ1wy6xo2DKiG2jtVHuLfBC.Cte
+
+Password = 414243444546
+Passhash = $2a$04$......................3eUc6EVdIHLPSHsfENd73y1qHUgeET6
+
+Password = 41424344454647
+Passhash = $2a$04$......................FuV659LudNIL0yJfqrb.JB0ab1eCXCy
+
+Password = 4142434445464748
+Passhash = $2a$04$......................1WDT31a/PBuYi4hmam2gvmgA54t9HUO
+
+Password = 414243444546474849
+Passhash = $2a$04$......................aHMfyD101pOa19Avcj8wFk7x8JyP/Oi
+
+Password = 4142434445464748494A
+Passhash = $2a$04$......................MQooKLE8.P36GbWDUbrk2NT3PYZsXOG
+
+Password = 4142434445464748494A4B
+Passhash = $2a$04$......................eprYLc9vXOwDMCyqLAGvznMqJmzEEzu
+
+Password = 4142434445464748494A4B4C
+Passhash = $2a$04$......................wg1/merzamWae4FzZdzXVFCzeXcdRBe
+
+Password = 4142434445464748494A4B4C4D
+Passhash = $2a$04$......................F45.kWUMV0S88ts9G8w1ySdc0eL1QsO
+
+Password = 4142434445464748494A4B4C4D4E
+Passhash = $2a$04$......................b5f2SSP91ThKR9rHlejbqwpgGTKgEPW
+
+Password = 4142434445464748494A4B4C4D4E4F
+Passhash = $2a$04$......................GAUIFe599t9404.M92TX4qg.qlyozvu
+
+Password = 4142434445464748494A4B4C4D4E4F50
+Passhash = $2a$04$......................hGf/sBFCzxtt7aLth.CkSiqMLfMNkky
+
+Password = 4142434445464748494A4B4C4D4E4F5051
+Passhash = $2a$04$......................wxi.5vCbqbfYRB4Ptb9YMVEedkzkg2G
+
+Password = 4142434445464748494A4B4C4D4E4F505152
+Passhash = $2a$04$......................fEQhKOa7gmjs2X6pPxkAG4Ua1CK3/MG
+
+Password = 4142434445464748494A4B4C4D4E4F50515253
+Passhash = $2a$04$......................GeXtzTa.p8bAbpHdSzLDDvcT5z8rd2G
+
+Password = 4142434445464748494A4B4C4D4E4F5051525354
+Passhash = $2a$04$......................D.nuIHnFpRTTietbZXCpTqMLktmgvOG
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455
+Passhash = $2a$04$......................0rP0aIe6CiaXgLviO7CrReRMoq4Z76u
+
+Password = 4142434445464748494A4B4C4D4E4F50515253545556
+Passhash = $2a$04$......................2nuK3e9hYlR3ZpUulSwuH9XEFf/TwB.
+
+Password = 4142434445464748494A4B4C4D4E4F5051525354555657
+Passhash = $2a$04$......................pFb7ADMM2CyyVheTwTO4ljTOaAd.SO2
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758
+Passhash = $2a$04$......................Hb6CQJzZLi0jF2iRoWF/LytXl0UIlGi
+
+Password = 4142434445464748494A4B4C4D4E4F50515253545556575859
+Passhash = $2a$04$......................hDkGLLxi1xlzQ2l8yCVZW8STSQwY8ca
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A
+Passhash = $2a$04$......................rEzQdCIvx3710X.o8rPHje0DJNW7nby
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B
+Passhash = $2a$04$......................YRx250oXqZ8PAF9VCwDd3tMHvNG/EYS
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C
+Passhash = $2a$04$......................8VVYuFwpyz50KoSQSww6HtAcM.puvFK
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D
+Passhash = $2a$04$......................U/uWNlMQ1nCojM9KJYXst0H..Vr3K7e
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E
+Passhash = $2a$04$......................JKICUBStZDD90QJxUirvbW6XhMN3k0i
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+Passhash = $2a$04$......................XQ1Pz.WGSIGPbun4umJ/uKtAi5mImNK
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60
+Passhash = $2a$04$......................zK87xeHJykwKa7B3WqaREFx8LkTw7w.
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F6061
+Passhash = $2a$04$......................DRU9poimCmGTetm8ijeul2OZ7Ghgyn.
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162
+Passhash = $2a$04$......................cOoYOK6c366gK6BBmcYlCPqGGy7/Yce
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263
+Passhash = $2a$04$......................f31Ni98iYpbJzxJoqhWuxvB8PPUOc5G
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F6061626364
+Passhash = $2a$04$......................uZLqllZzmsIDcmdihrBslz0A.WJp5lC
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465
+Passhash = $2a$04$......................Mv6hK0wgc5CxkxPVhyit7DjpOLHCRme
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263646566
+Passhash = $2a$04$......................40cOEgw5sV8TKGjzB4JF.yiTJCBJGsq
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F6061626364656667
+Passhash = $2a$04$......................DR/BFDmrsl0CqGeCo5EYawLtrLL2PF6
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768
+Passhash = $2a$04$......................7VtgAnmfpC6qryaX7qsvlfCvk2ooW4S
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263646566676869
+Passhash = $2a$04$......................Eo0q.nfaVXn4NIfoyveRiLRKHSMDAHW
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A
+Passhash = $2a$04$......................kfxex5FfUJhJQYogm.8FloXjQjvcl..
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B
+Passhash = $2a$04$......................fmpuNlu0eW7fsRBEbIlZs/ZIP0a9Dby
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C
+Passhash = $2a$04$......................mI0Rbwk/yFUkA/TLKmMfSMu4KqSGzZq
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D
+Passhash = $2a$04$......................jqCcJxoUtwRpIFnCPZtrn2zpFY6tU6a
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E
+Passhash = $2a$04$......................FGzij2Dvl2qbVhtOfDhvGodD0BaH1zO
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F
+Passhash = $2a$04$......................8gWGyOqSrT/N84xajt5y1cc7kdYTS1C
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70
+Passhash = $2a$04$......................n0uapt/O8ZGLLoTYi8RVz5gtLzcH9OG
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071
+Passhash = $2a$04$......................snIIPVZopm0TC4WLrpTNtW136us.66S
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172
+Passhash = $2a$04$......................xJlz/E02Am2/sxO97jDYuFkxKMCNPuC
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70717273
+Passhash = $2a$04$......................ci6b5BSX.Gt1z2O5on9.k9Po1q6nJMe
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071727374
+Passhash = $2a$04$......................JGYY7FRsBznRZJfr8gNUgmRIekndoEu
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475
+Passhash = $2a$04$......................c.8sucK9TMUPlwbux0u2EjoWeS7exm.
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70717273747576
+Passhash = $2a$04$......................2iQopzqprPYwjRJTAJnVPO00t8/HyT.
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071727374757677
+Passhash = $2a$04$......................COrfw5/Mj6Js8CePzOVuowO57dzDlXq
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778
+Passhash = $2a$04$......................M/SrGocfiSlHaOnFqqV0RGjlcuPM2xO
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70717273747576777879
+Passhash = $2a$04$......................gPjyepv.g7qMZXDTwcEjfks0xFwQDsW
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A
+Passhash = $2a$04$......................YCdU1yffMxpqGnbkhm4j11QBUQzr6vW
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B
+Passhash = $2a$04$......................PFZW7x0F2WdDhhfr9IbRIJhaUrlT/4.
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C
+Passhash = $2a$04$......................2gd/Za4BdTci7v1rdamN0XZ5lk5PnuO
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D
+Passhash = $2a$04$......................fbhaW8SPcJjDFtC9ruTvwIZhbhoT6Ve
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E
+Passhash = $2a$04$......................yB12tMsxREReDqkSHzR6G890abKjKHi
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F
+Passhash = $2a$04$......................yyR3U//QnDydsWfSIZwCsrzXqwdED7e
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F80
+Passhash = $2a$04$......................IWK3CyxBeu3hZXP./rSl1gS.CHOl51q
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
+Passhash = $2a$04$......................OrN52h3sUOH7u7aUFZLLPecPAC6pDUy
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182
+Passhash = $2a$04$......................7czL69h9T6Z84Yen8wrtzeNUPZIksLq
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F80818283
+Passhash = $2a$04$......................hlFxmtvTDFEJ/W7ViRXVzIBmwELyxde
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081828384
+Passhash = $2a$04$......................wtpFiSjRvlfidwkUDR2EefHBYOStMyO
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485
+Passhash = $2a$04$......................fFhiRdC6u8ZnZNqxK5vIyMinSFC4HjG
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F80818283848586
+Passhash = $2a$04$......................FCJRl4rapF1jLog3AjcYUtLupr62MHW
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081828384858687
+Passhash = $2a$04$......................qt4eTaEVpLnPbEit4noon6YMRxjO8kq
+
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788
+Passhash = $2a$04$....................../VvYrJip/blbJEy92Sih8t0k26f242.
+
+# This demonstrates truncation of passwords > 72 chars, identical to previous hash
+Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F80818283848586878889
+Passhash = $2a$04$....................../VvYrJip/blbJEy92Sih8t0k26f242.
+