Doesn’t this simple patch break all existing hashes for the existing type?

Perhaps this breakage is safe for 2.0, but perhaps it is better to just 
introduce a new less expensive hash format, while still allowing verifications 
against the old format.

For some of the hash use cases the fact that the code is very expensive is an 
advantage. (Expensive to crack)


Bert


From: n...@apache.org
Sent: Monday, 5 December 2016 21:57
To: comm...@apr.apache.org
Subject: svn commit: r1772803 - in /apr/apr/trunk: CHANGES crypto/crypt_blowfish.c

Author: niq
Date: Mon Dec  5 20:56:59 2016
New Revision: 1772803

URL: http://svn.apache.org/viewvc?rev=1772803&view=rev
Log:
apr_crypt: avoid excessive iteration in bcrypt hash.
Patch by Hanno Böck

Modified:
    apr/apr/trunk/CHANGES
    apr/apr/trunk/crypto/crypt_blowfish.c

Modified: apr/apr/trunk/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr/trunk/CHANGES?rev=1772803&r1=1772802&r2=1772803&view=diff
==============================================================================
--- apr/apr/trunk/CHANGES [utf-8] (original)
+++ apr/apr/trunk/CHANGES [utf-8] Mon Dec  5 20:56:59 2016
@@ -1,6 +1,9 @@
                                                      -*- coding: utf-8 -*-
 Changes for APR 2.0.0
 
+  *) apr_crypto: avoid excessive iteration in bcrypt hash.
+     [Hanno Böck <hanno hboeck.de>]
+
   *) apr_siphash: Implement keyed hash function SipHash.  [Yann Ylavic]
 
   *) apr_atomic: change the API of apr_atomic_casptr() apr_atomic_xchgptr()
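
Review bot: The new CHANGES entry names the component "apr_crypto", while the commit log line says "apr_crypt"; use one spelling so the entry and the log can be matched by search. The entry also gives no numbers: say that the largest accepted bcrypt count drops from 31 to 17, since that is the caller-visible change and "avoid excessive iteration" alone does not tell a reader which values stop working.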

Modified: apr/apr/trunk/crypto/crypt_blowfish.c
URL: http://svn.apache.org/viewvc/apr/apr/trunk/crypto/crypt_blowfish.c?rev=1772803&r1=1772802&r2=1772803&view=diff
==============================================================================
--- apr/apr/trunk/crypto/crypt_blowfish.c (original)
+++ apr/apr/trunk/crypto/crypt_blowfish.c Mon Dec  5 20:56:59 2016
@@ -877,7 +877,7 @@ char *_crypt_gensalt_blowfish_rn(const c
        const char *input, int size, char *output, int output_size)
 {
        if (size < 16 || output_size < 7 + 22 + 1 ||
-           (count && (count < 4 || count > 31)) ||
+           (count && (count < 4 || count > 17)) ||
            prefix[0] != '$' || prefix[1] != '2' ||
            (prefix[2] != 'a' && prefix[2] != 'y')) {
                if (output_size > 0) output[0] = '\0';
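
Review bot: The new bound on the changed line, "count > 17", is a bare literal with nothing explaining why 17 was chosen; add a comment or a named constant so the limit is documented where it is enforced. A non-zero count from 18 to 31 used to pass this check and now takes the failure branch that sets output[0] = '\0', so callers that passed such values need to handle that result. The hunk only touches _crypt_gensalt_blowfish_rn, and nothing in it shows how an existing hash string with a cost above 17 is treated, so the log message should state whether such hashes are still accepted.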


