diff options
author | Jack Lloyd <[email protected]> | 2017-03-23 15:45:50 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-03-24 10:55:38 -0400 |
commit | c0901e801d72bb2fdf3a205f6debf5ed954567f8 (patch) | |
tree | a959f1ce5fb348d8160938a5bb4fb2070f3a6c71 /src/tests/data | |
parent | c936086354203ddf275435fff611d3e2c99e6975 (diff) |
Fix incorrect password truncation in bcrypt password hashing.
The 56 char bound is bogus; Blowfish itself allows at most 448 bits
in the key schedule, but Bcrypt's modification allows up to 72 chars
for the password. Bug pointed out by Solar Designer.
Also reject work factors 0...3 since all other extant bcrypt
implementations require at least work factor 4.
Adds more bcrypt tests generated by crypt_bcrypt and OpenBSD's version.
Diffstat (limited to 'src/tests/data')
-rw-r--r-- | src/tests/data/bcrypt.vec | 272 |
1 files changed, 271 insertions, 1 deletions
diff --git a/src/tests/data/bcrypt.vec b/src/tests/data/bcrypt.vec index c78ab970a..de0eefbd2 100644 --- a/src/tests/data/bcrypt.vec +++ b/src/tests/data/bcrypt.vec @@ -1,5 +1,4 @@ - # Generated by jBCrypt 0.3 Password = 616263 Passhash = $2a$05$DfPyLs.G6.To9fXEFgUL1O6HpYw3jIXgPcl/L3Qt3jESuWmhxtmpS @@ -7,3 +6,274 @@ Passhash = $2a$05$DfPyLs.G6.To9fXEFgUL1O6HpYw3jIXgPcl/L3Qt3jESuWmhxtmpS # http://www.openwall.com/lists/john-dev/2011/06/19/2 Password = A3 Passhash = $2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq + +# Following values from http://download.openwall.net/pub/projects/crypt/bcrypt-tester-1.0.tar.gz +Password = +Passhash = $2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy + +Password = 552A55 +Passhash = $2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW + +Password = 552A552A +Passhash = $2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK + +Password = 552A552A55 +Passhash = $2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a + +Password = 303132333435363738396162636465666768696A6B6C6D6E6F707172737475767778797A4142434445464748494A4B4C4D4E4F505152535455565758595A303132333435363738396368617273206166746572203732206172652069676E6F726564 +Passhash = $2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui + +Password = A3 +Passhash = $2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq + +Password = FFFFA3 +Passhash = $2a$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e + +Password = FFA33334FFFFFFA3333435 +Passhash = $2a$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi + +Password = FFA3333435 +Passhash = $2a$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e + +Password = A36162 +Passhash = $2a$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS + +Password = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6368617273206166746572203732206172652069676E6F72656420617320757375616C +Passhash = $2a$05$/OK.fbVrR/bpIqNJ5ianF.swQOIzjOiJ9GHEPuhEkvqrUyvWhEMx6 + +Password = AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55AA55 +Passhash = $2a$05$/OK.fbVrR/bpIqNJ5ianF.R9xrDjiycxMbQE2bp.vgqlYpW5wx2yy + +Password = 55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF55AAFF +Passhash = $2a$05$/OK.fbVrR/bpIqNJ5ianF.9tQZzcJfm3uj2NvJ/n5xkhpqLrMpWCe + +# Test very long (> 256 char) password +# Generated by https://www.dailycred.com/article/bcrypt-calculator +Password = 4142434445464748494a4b4c4d4e4f505152535455565758595a4142434445464748494a4b4c4d4e4f505152535455565758595a4142434445464748494a4b4c4d4e4f505152535455565758595a4142434445464748494a4b4c4d4e4f505152535455565758595a4142434445464748494a4b4c4d4e4f505152535455565758595a4142434445464748494a4b4c4d4e4f505152535455565758595a4142434445464748494a4b4c4d4e4f505152535455565758595a4142434445464748494a4b4c4d4e4f505152535455565758595a4142434445464748494a4b4c4d4e4f505152535455565758595a4142434445464748494a4b4c4d4e4f505152535455565758595b +Passhash = $2a$04$nP0HWhorPRGl309OF27N0Oluj0wfAKWClP9gDcqOU1D.VF4x6bHTi + +# Generated by OpenBSD's bcrypt code + +Password = +Passhash = $2a$04$......................w74bL5gU7LSJClZClCa.Pkz14aTv/XO + +Password = 41 +Passhash = $2a$04$......................1ylfG1rzUcx/p4E2WWXbK1hNBjulV/e + +Password = 4142 +Passhash = $2a$04$......................eLmsldq6Kef4lNzfsH3GLn5XEr9/dky + +Password = 414243 +Passhash = $2a$04$......................SeoxjjNIHEA7B01Yt2Fq2YNSKittPem + +Password = 41424344 +Passhash = $2a$04$......................5UWApRNcV8gDN6km6KdMC7MJRnFLJLi + +Password = 4142434445 +Passhash = $2a$04$......................aqTIOQ1wy6xo2DKiG2jtVHuLfBC.Cte + +Password = 414243444546 +Passhash = $2a$04$......................3eUc6EVdIHLPSHsfENd73y1qHUgeET6 + +Password = 41424344454647 +Passhash = $2a$04$......................FuV659LudNIL0yJfqrb.JB0ab1eCXCy + +Password = 4142434445464748 +Passhash = $2a$04$......................1WDT31a/PBuYi4hmam2gvmgA54t9HUO + +Password = 414243444546474849 +Passhash = $2a$04$......................aHMfyD101pOa19Avcj8wFk7x8JyP/Oi + +Password = 4142434445464748494A +Passhash = $2a$04$......................MQooKLE8.P36GbWDUbrk2NT3PYZsXOG + +Password = 4142434445464748494A4B +Passhash = $2a$04$......................eprYLc9vXOwDMCyqLAGvznMqJmzEEzu + +Password = 4142434445464748494A4B4C +Passhash = $2a$04$......................wg1/merzamWae4FzZdzXVFCzeXcdRBe + +Password = 4142434445464748494A4B4C4D +Passhash = $2a$04$......................F45.kWUMV0S88ts9G8w1ySdc0eL1QsO + +Password = 4142434445464748494A4B4C4D4E +Passhash = $2a$04$......................b5f2SSP91ThKR9rHlejbqwpgGTKgEPW + +Password = 4142434445464748494A4B4C4D4E4F +Passhash = $2a$04$......................GAUIFe599t9404.M92TX4qg.qlyozvu + +Password = 4142434445464748494A4B4C4D4E4F50 +Passhash = $2a$04$......................hGf/sBFCzxtt7aLth.CkSiqMLfMNkky + +Password = 4142434445464748494A4B4C4D4E4F5051 +Passhash = $2a$04$......................wxi.5vCbqbfYRB4Ptb9YMVEedkzkg2G + +Password = 4142434445464748494A4B4C4D4E4F505152 +Passhash = $2a$04$......................fEQhKOa7gmjs2X6pPxkAG4Ua1CK3/MG + +Password = 4142434445464748494A4B4C4D4E4F50515253 +Passhash = $2a$04$......................GeXtzTa.p8bAbpHdSzLDDvcT5z8rd2G + +Password = 4142434445464748494A4B4C4D4E4F5051525354 +Passhash = $2a$04$......................D.nuIHnFpRTTietbZXCpTqMLktmgvOG + +Password = 4142434445464748494A4B4C4D4E4F505152535455 +Passhash = $2a$04$......................0rP0aIe6CiaXgLviO7CrReRMoq4Z76u + +Password = 4142434445464748494A4B4C4D4E4F50515253545556 +Passhash = $2a$04$......................2nuK3e9hYlR3ZpUulSwuH9XEFf/TwB. + +Password = 4142434445464748494A4B4C4D4E4F5051525354555657 +Passhash = $2a$04$......................pFb7ADMM2CyyVheTwTO4ljTOaAd.SO2 + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758 +Passhash = $2a$04$......................Hb6CQJzZLi0jF2iRoWF/LytXl0UIlGi + +Password = 4142434445464748494A4B4C4D4E4F50515253545556575859 +Passhash = $2a$04$......................hDkGLLxi1xlzQ2l8yCVZW8STSQwY8ca + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A +Passhash = $2a$04$......................rEzQdCIvx3710X.o8rPHje0DJNW7nby + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B +Passhash = $2a$04$......................YRx250oXqZ8PAF9VCwDd3tMHvNG/EYS + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C +Passhash = $2a$04$......................8VVYuFwpyz50KoSQSww6HtAcM.puvFK + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D +Passhash = $2a$04$......................U/uWNlMQ1nCojM9KJYXst0H..Vr3K7e + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E +Passhash = $2a$04$......................JKICUBStZDD90QJxUirvbW6XhMN3k0i + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F +Passhash = $2a$04$......................XQ1Pz.WGSIGPbun4umJ/uKtAi5mImNK + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60 +Passhash = $2a$04$......................zK87xeHJykwKa7B3WqaREFx8LkTw7w. + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F6061 +Passhash = $2a$04$......................DRU9poimCmGTetm8ijeul2OZ7Ghgyn. + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162 +Passhash = $2a$04$......................cOoYOK6c366gK6BBmcYlCPqGGy7/Yce + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263 +Passhash = $2a$04$......................f31Ni98iYpbJzxJoqhWuxvB8PPUOc5G + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F6061626364 +Passhash = $2a$04$......................uZLqllZzmsIDcmdihrBslz0A.WJp5lC + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465 +Passhash = $2a$04$......................Mv6hK0wgc5CxkxPVhyit7DjpOLHCRme + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263646566 +Passhash = $2a$04$......................40cOEgw5sV8TKGjzB4JF.yiTJCBJGsq + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F6061626364656667 +Passhash = $2a$04$......................DR/BFDmrsl0CqGeCo5EYawLtrLL2PF6 + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768 +Passhash = $2a$04$......................7VtgAnmfpC6qryaX7qsvlfCvk2ooW4S + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F60616263646566676869 +Passhash = $2a$04$......................Eo0q.nfaVXn4NIfoyveRiLRKHSMDAHW + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A +Passhash = $2a$04$......................kfxex5FfUJhJQYogm.8FloXjQjvcl.. + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B +Passhash = $2a$04$......................fmpuNlu0eW7fsRBEbIlZs/ZIP0a9Dby + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C +Passhash = $2a$04$......................mI0Rbwk/yFUkA/TLKmMfSMu4KqSGzZq + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D +Passhash = $2a$04$......................jqCcJxoUtwRpIFnCPZtrn2zpFY6tU6a + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E +Passhash = $2a$04$......................FGzij2Dvl2qbVhtOfDhvGodD0BaH1zO + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F +Passhash = $2a$04$......................8gWGyOqSrT/N84xajt5y1cc7kdYTS1C + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70 +Passhash = $2a$04$......................n0uapt/O8ZGLLoTYi8RVz5gtLzcH9OG + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071 +Passhash = $2a$04$......................snIIPVZopm0TC4WLrpTNtW136us.66S + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172 +Passhash = $2a$04$......................xJlz/E02Am2/sxO97jDYuFkxKMCNPuC + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70717273 +Passhash = $2a$04$......................ci6b5BSX.Gt1z2O5on9.k9Po1q6nJMe + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071727374 +Passhash = $2a$04$......................JGYY7FRsBznRZJfr8gNUgmRIekndoEu + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475 +Passhash = $2a$04$......................c.8sucK9TMUPlwbux0u2EjoWeS7exm. + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70717273747576 +Passhash = $2a$04$......................2iQopzqprPYwjRJTAJnVPO00t8/HyT. + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071727374757677 +Passhash = $2a$04$......................COrfw5/Mj6Js8CePzOVuowO57dzDlXq + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778 +Passhash = $2a$04$......................M/SrGocfiSlHaOnFqqV0RGjlcuPM2xO + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F70717273747576777879 +Passhash = $2a$04$......................gPjyepv.g7qMZXDTwcEjfks0xFwQDsW + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A +Passhash = $2a$04$......................YCdU1yffMxpqGnbkhm4j11QBUQzr6vW + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B +Passhash = $2a$04$......................PFZW7x0F2WdDhhfr9IbRIJhaUrlT/4. + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C +Passhash = $2a$04$......................2gd/Za4BdTci7v1rdamN0XZ5lk5PnuO + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D +Passhash = $2a$04$......................fbhaW8SPcJjDFtC9ruTvwIZhbhoT6Ve + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E +Passhash = $2a$04$......................yB12tMsxREReDqkSHzR6G890abKjKHi + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F +Passhash = $2a$04$......................yyR3U//QnDydsWfSIZwCsrzXqwdED7e + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F80 +Passhash = $2a$04$......................IWK3CyxBeu3hZXP./rSl1gS.CHOl51q + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081 +Passhash = $2a$04$......................OrN52h3sUOH7u7aUFZLLPecPAC6pDUy + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182 +Passhash = $2a$04$......................7czL69h9T6Z84Yen8wrtzeNUPZIksLq + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F80818283 +Passhash = $2a$04$......................hlFxmtvTDFEJ/W7ViRXVzIBmwELyxde + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081828384 +Passhash = $2a$04$......................wtpFiSjRvlfidwkUDR2EefHBYOStMyO + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485 +Passhash = $2a$04$......................fFhiRdC6u8ZnZNqxK5vIyMinSFC4HjG + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F80818283848586 +Passhash = $2a$04$......................FCJRl4rapF1jLog3AjcYUtLupr62MHW + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081828384858687 +Passhash = $2a$04$......................qt4eTaEVpLnPbEit4noon6YMRxjO8kq + +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788 +Passhash = $2a$04$....................../VvYrJip/blbJEy92Sih8t0k26f242. + +# This demonstrates truncation of passwords > 72 chars, identical to previous hash +Password = 4142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F80818283848586878889 +Passhash = $2a$04$....................../VvYrJip/blbJEy92Sih8t0k26f242. + |