Changes between Initial Version and Version 1 of Ticket #21022, comment 121
- Timestamp:
- 09/18/2019 06:53:09 AM (2 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #21022, comment 121
initial v1 7 7 The vulnerability is a two-step: (1) Raw SHA hashes allow null-bytes as valid characters. Then (2) the PHP implementation of bcrypt truncates the password-input at the 1st null byte (likely ALL C-based implementations of bcrypt do this). 8 8 9 Or, as @paragoninitiativeenterprises noted in the link just above, there's a 1-in-256 chance that the 1st character in a SHA hash is a NUL-byte (0.39% chance). Extrapolating, that means there's a 5.9% chance a 15 -characterpassword gets truncated early if you feed a raw SHA directly to `password_hash()`.9 Or, as @paragoninitiativeenterprises noted in the link just above, there's a 1-in-256 chance that the 1st character in a SHA hash is a NUL-byte (0.39% chance). Extrapolating, that means there's a 5.9% chance a 15+ character (edit: changed 15-char to 15+) password gets truncated early if you feed a raw SHA directly to `password_hash()`. 10 10 11 11 So ... do NOT `password_hash( hash( 'SHA_any', $password ) )`.