Re: Bcrypt hash program on Debian 8 without python-pip ?

[Thomas Schmitt]

Hi,

on the second try i found out that the way to avoid the need for pip
is package "python-bcrypt". I asked the wrong question to apt-file
on the first try.

Thanks to python's help("bcrypt") i can also avoid passlib:

  $ python
  >>> import bcrypt
  >>> bcrypt.gensalt(16)
  '$2b$16$joRzQDFBqWzio.8tjWzJaO'
  >>> bcrypt.hashpw("ElmerFudpecker",'$2b$16$joRzQDFBqWzio.8tjWzJaO')
  '$2b$16$joRzQDFBqWzio.8tjWzJaOdnF5Wha3xW/WDIJQEsI59mvvBZr5lMe'
  >>> bcrypt.hashpw("ElmerFudpecker",'$2b$16$joRzQDFBqWzio.8tjWzJaO')
  '$2b$16$joRzQDFBqWzio.8tjWzJaOdnF5Wha3xW/WDIJQEsI59mvvBZr5lMe'

The speed on real iron is quite the same: 3.6 seconds with cost 16.
But i get a different salt type than on Sid and cannot use the one from Sid.

  >>> bcrypt.hashpw("ElmerFudpecker",'$2b$16$joRzQDFBqWzio.8tjWzJaO')
  ...
  ValueError: Invalid salt
  >>> bcrypt.gensalt(16)
  '$2a$16$TO/1Wc6L2wC8SgJpgQEV9e'
  >>> bcrypt.hashpw("ElmerFudpecker",'$2a$16$TO/1Wc6L2wC8SgJpgQEV9e')
  '$2a$16$TO/1Wc6L2wC8SgJpgQEV9eYsyzF0Gp8iiq/DpEuxGhRExoRf3hyqG'

Note the "$2a$" instead of "$2b$".
To my luck, Sid's bcrypt accepts the Jessie salt and produces the same hash
as Jessie's bcrypt.
So one will not have to change all remote passwords when upgrading bcrypt.

"$2a$" seems to be deprecated according to:
  http://passlib.readthedocs.io/en/stable/lib/passlib.hash.bcrypt.html
  "some implementations suffered from rare security flaws, replaced by 2b."


Nevertheless. How to avoid python ?


Have a nice day :)

Thomas

Bcrypt hash program on Debian 8 without python-pip ?

[Thomas Schmitt]

Hi,

i wanted to make some experiments with bcrypt's timing and it seems
that i need to make a wide detour over fat python stuff.

First i installed package "bcrypt" which turned out to provide an application
of the original Blowfish algorithm, which is so poor that the Debian version
is not allowed to encrypt anything any more:
  Encryption support disabled. See http://bugs.debian.org/700758

In the web i found an example
  https://passlib.readthedocs.io/en/stable/lib/passlib.hash.bcrypt.html
which i can replay after doing in my sandbox
  apt-get install python-passlib
This added 2 MB, did not suffice, and proposed pip
  apt-get install python-pip
55 MB added. Then
  pip install bcrypt
Here i forgot to measure how many MB. Duh. It lasted about 3 seconds.
The "pip" run needed no superuser power.

I assume that the bcrypt algorithm is not running with python speed
but rather with binary program speed.

So i did some benchmarks (qemu with kvm on 3.5 GHz 4 core Xeon):

  $ python
  >>> from passlib.hash import bcrypt

The example with a "cost" of 13 needs about half a second:

  >>> bcrypt.using(rounds=13).hash("password")
  '$2b$13$IkrRofF47sgCo3CL/E.4ku.87dSGi1W0.3ZEgTYDrVuzXxpAYiUwu'

Consequentially cost 16 needs 4 seconds, and 18 needs 15, 19 needs 30.
I'd say that 16 would be bearable in this python contraption.

So

  >>> bcrypt.using(rounds=16).hash("ElmerFudpecker")
  '$2b$16$0UGXpt5volf7U/U5pXXGs.fS/X6HSw.9QCzTfRGFOP/qmNvcExGDK'

would yield the 31 character password

  fS/X6HSw.9QCzTfRGFOP/qmNvcExGDK

to be transmitted to the remote service.

Of course, "ElmerFudpecker" would not be hardcoded in the python program
but rather be input from the keyboard.
And as said, it should be much more hard to guess that a celebrity name.

Four 3.5GHz-Xeon seconds per try would be a pain for any enumerator,
even with a GPU array. Not unsurpassable, but also not without due heat
dissipation. Let him sweat.


Now how would i get this on real Debian 8 iron without running "pip" ?
Best would be an implementation in plain C without a cuddly snake around it.
  apt-file search bcrypt
produces enough output to hide three such packages from my eyes.


Have a nice day :)

Thomas