apr-dev mailing list archives

From <b...@qqmail.nl>
Subject RE: svn commit: r1772803 - in /apr/apr/trunk: CHANGES crypto/crypt_blowfish.c
Date Mon, 05 Dec 2016 22:38:44 GMT
Doesn’t this simple patch break all existing hashes for the existing type?

Perhaps this breakage is safe for 2.0, but perhaps it is better to just introduce a new less
expensive hash format, while still allowing verifications against the old format.

For some of the hash use cases the fact that the code is very expensive is an advantage. (Expensive
to crack)


Bert


From: niq@apache.org
Sent: Monday 5 December 2016 21:57
To: commits@apr.apache.org
Subject: svn commit: r1772803 - in /apr/apr/trunk: CHANGES crypto/crypt_blowfish.c

Author: niq
Date: Mon Dec  5 20:56:59 2016
New Revision: 1772803

URL: http://svn.apache.org/viewvc?rev=1772803&view=rev
Log:
apr_crypt: avoid excessive iteration in bcrypt hash.
Patch by Hanno Böck

Modified:
    apr/apr/trunk/CHANGES
    apr/apr/trunk/crypto/crypt_blowfish.c

Modified: apr/apr/trunk/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr/trunk/CHANGES?rev=1772803&r1=1772802&r2=1772803&view=diff
==============================================================================
--- apr/apr/trunk/CHANGES [utf-8] (original)
+++ apr/apr/trunk/CHANGES [utf-8] Mon Dec  5 20:56:59 2016
@@ -1,6 +1,9 @@
                                                      -*- coding: utf-8 -*-
 Changes for APR 2.0.0
 
+  *) apr_crypto: avoid excessive iteration in bcrypt hash.
+     [Hanno Böck <hanno hboeck.de>]
+
   *) apr_siphash: Implement keyed hash function SipHash.  [Yann Ylavic]
 
   *) apr_atomic: change the API of apr_atomic_casptr() apr_atomic_xchgptr()
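
Review bot: the added CHANGES entry does not tell callers what actually changes. The crypt_blowfish.c part of this commit narrows the accepted cost range in _crypt_gensalt_blowfish_rn from 4..31 to 4..17, so a requested cost of 18 or more is now rejected. Suggest naming that limit in the entry, for example "reject bcrypt cost values above 17 when generating a salt". The entry also says "apr_crypto" where the commit log says "apr_crypt"; pick one.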

Modified: apr/apr/trunk/crypto/crypt_blowfish.c
URL: http://svn.apache.org/viewvc/apr/apr/trunk/crypto/crypt_blowfish.c?rev=1772803&r1=1772802&r2=1772803&view=diff
==============================================================================
--- apr/apr/trunk/crypto/crypt_blowfish.c (original)
+++ apr/apr/trunk/crypto/crypt_blowfish.c Mon Dec  5 20:56:59 2016
@@ -877,7 +877,7 @@ char *_crypt_gensalt_blowfish_rn(const c
 	const char *input, int size, char *output, int output_size)
 {
 	if (size < 16 || output_size < 7 + 22 + 1 ||
-	    (count && (count < 4 || count > 31)) ||
+	    (count && (count < 4 || count > 17)) ||
 	    prefix[0] != '$' || prefix[1] != '2' ||
 	    (prefix[2] != 'a' && prefix[2] != 'y')) {
 		if (output_size > 0) output[0] = '\0';
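
Review bot: the new upper bound in "count > 17" is a bare literal with no comment or named constant, and nothing in the hunk explains why 17 was chosen or that costs 18 to 31, accepted before, now take the error path that empties output. Suggest a named constant with a comment giving the rationale. The hunk header places this check in _crypt_gensalt_blowfish_rn, which is salt generation; whether hashes already stored with a higher cost still verify depends on code not shown here, so the commit message should say so explicitly.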




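The reply above separates generating new hashes from verifying existing ones. As an added example (not APR code and not from either author), this C program parses the cost from a bcrypt setting string and applies the patch's ceiling of 17 only to generation while keeping the old ceiling of 31 for verification; the function names, the enum and the split policy are assumptions for illustration.

```c
/* Added example, not APR code; names and the split policy are hypothetical. */
#include <stdio.h>

enum bcrypt_use { BCRYPT_GENERATE, BCRYPT_VERIFY };

#define COST_MIN           4  /* lower bound in the patched check */
#define COST_MAX_GENERATE 17  /* ceiling the patch sets for new salts */
#define COST_MAX_VERIFY   31  /* pre-patch ceiling, kept for stored hashes (assumption) */

/* Parse the two-digit cost from a "$2a$NN$..." or "$2y$NN$..." setting,
 * the same prefixes the patched check accepts. Returns -1 if malformed. */
static int bcrypt_parse_cost(const char *s)
{
    if (!s || s[0] != '$' || s[1] != '2' ||
        (s[2] != 'a' && s[2] != 'y') || s[3] != '$')
        return -1;
    if (s[4] < '0' || s[4] > '9' || s[5] < '0' || s[5] > '9' || s[6] != '$')
        return -1;
    return (s[4] - '0') * 10 + (s[5] - '0');
}

/* Returns 1 if the setting's cost is acceptable for this use, else 0. */
static int bcrypt_cost_allowed(const char *s, enum bcrypt_use use)
{
    int cost = bcrypt_parse_cost(s);
    int max = (use == BCRYPT_GENERATE) ? COST_MAX_GENERATE : COST_MAX_VERIFY;
    return cost >= COST_MIN && cost <= max;
}

/* bcrypt repeats its expensive key setup 2^cost times; 0 if out of range. */
static unsigned long bcrypt_rounds(int cost)
{
    return (cost < 0 || cost > 31) ? 0UL : 1UL << cost;
}

int main(void)
{
    /* Constructed settings; the salt portion is a placeholder. */
    const char *samples[] = { "$2y$10$PLACEHOLDERSALT", "$2a$17$PLACEHOLDERSALT",
                              "$2y$20$PLACEHOLDERSALT", "$2y$3$PLACEHOLDERSALT" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int cost = bcrypt_parse_cost(samples[i]);
        printf("%-24s cost=%2d rounds=%lu generate=%d verify=%d\n",
               samples[i], cost, bcrypt_rounds(cost),
               bcrypt_cost_allowed(samples[i], BCRYPT_GENERATE),
               bcrypt_cost_allowed(samples[i], BCRYPT_VERIFY));
    }
    return 0;
}
```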