null bytes + bcrypt = problem:http://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html …
@ircmaxell I agree with @solardiz - this has nothing to do with bcrypt and everything to do with PHP's misleading API for crypt wrappers.
-
-
@RichFelker@solardiz well, I'd argue that using c-strings for secrets (even passwords) is an issue. One that I hope future designs fix. -
@ircmaxell@RichFelker Sure. The temporary PHS() C API that PHC candidates use accepts pointers and lengths separately. -
@solardiz@ircmaxell In that case the ideal behavior is probably to check the full length for nul bytes and error-out early. -
@RichFelker@ircmaxell Even if the check itself is timing-safe, you'd have different timings and error logs for inputs with NULs vs. without -
@solardiz@ircmaxell Does it matter if that's an erroneous password that will never be accepted? -
@RichFelker Oh, if "error-out early" is literal, it's OK, but@ircmaxell and I were discussing (via e-mail) what can be done in practice -
@solardiz@RichFelker We could turn it into an exception... Which still leaks timing information about password length for normal pw's -
@ircmaxell@solardiz I think we're misinterpreting what each other are saying. Twitter probably isn't the right medium for this discussion. - 1 more reply
New conversation -
-
-
@RichFelker@ircmaxell I wouldn't single out PHP as well, e.g. Perl's crypt() is similarly affected. All wrappers to C APIs are.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.