Message-ID: <20221028173807.GA18716@openwall.com>
Date: Fri, 28 Oct 2022 19:38:07 +0200
From: Solar Designer <solar@...nwall.com>
To: yescrypt@...ts.openwall.com
Subject: Re: Improving security of old DES hashes with fixed salt with "yescrypt"

On Fri, Oct 28, 2022 at 06:00:21PM +0200, Matthias Apitz wrote:
> While doing the implementation, I wrote a small C-pgm for demo and test
> purpose which expects two parameters, a PIN and a yescrypt hash, and
> checks if the PIN, re-encrypted with DES and yescrypt with the hash as
> the salt, results again in the same hash:
>
> ./a.out 4711 '$y$jFT$4jf8BiOvgz14CJJ4lxBCi/$DD3S4PuniWVVuXr37GxmDXuP2XclbzIYB2JbgekVxg5'
> pin: 4711
> hash: $y$jFT$4jf8BiOvgz14CJJ4lxBCi/$DD3S4PuniWVVuXr37GxmDXuP2XclbzIYB2JbgekVxg5
>
> result: matched
>
> ./a.out 4712 '$y$jFT$4jf8BiOvgz14CJJ4lxBCi/$DD3S4PuniWVVuXr37GxmDXuP2XclbzIYB2JbgekVxg5'
> pin: 4712
> hash: $y$jFT$4jf8BiOvgz14CJJ4lxBCi/$DD3S4PuniWVVuXr37GxmDXuP2XclbzIYB2JbgekVxg5
>
> result: don't match
>
> Perhaps we will use a similar approach, starting from the Java
> application such a program and check its exit value.

You could, but please note that if you put the PIN and the hash on the command line, they're likely visible to other users/programs on the system, and - depending on how exactly you invoke the external program - special characters inside the PIN could result in undesired processing. Also, there are only 256 different exit codes, and there's risk that whichever one you use to indicate success (typically 0) would also happen to be used on some kind of abnormal program termination (it isn't expected that 0 would be used that way, but you wouldn't want such misbehavior of some system component into a vulnerability).

For input to your program, I suggest that you use stdin or environment variables. Even with usage of stdin, you do need to be careful about special characters if you use a text-oriented "protocol" (e.g., one item per line is susceptible to linefeed characters embedded in PIN, which you'd need to disallow first). If you choose to always do the pre-hashing with descrypt (as opposed to using yescrypt directly when you can), you could keep that step in Java (where I assume you already have it implemented), which would limit the character set of the string you need to pass to the external program.

For output from your program (computed hash or comparison result), I suggest that you use stdout. You can also check the exit code.

You can see similar logic/"protocol" implemented in pwqcheck.php bundled with passwdqc.

Alexander
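
Added example, not part of the original message and not code from either poster: the stdin/stdout side of such a helper in C, with the DES and yescrypt comparison itself left to the existing program between the two calls. The function names, the size limits, the OK/FAIL/ERROR tokens and the exit codes 0/1/2 are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PIN   64    /* assumed limits, not taken from the thread */
#define MAX_HASH 128

/* Read one '\n'-terminated line, without the newline, into buf.
 * Fails on EOF before the newline, an overlong line, or NUL/CR bytes. */
static int read_line(FILE *in, char *buf, size_t size)
{
    size_t len = 0;
    int c;

    while ((c = getc(in)) != EOF) {
        if (c == '\n') {
            buf[len] = '\0';
            return 0;
        }
        if (c == '\0' || c == '\r' || len + 1 >= size)
            return -1;
        buf[len++] = (char)c;
    }
    return -1;
}

/* Request: line 1 = PIN, line 2 = yescrypt hash, then EOF (the caller
 * closes the pipe).  A linefeed smuggled into the PIN shifts the lines,
 * so a non-"$y$" second line or any trailing data is rejected. */
int read_request(FILE *in, char *pin, char *hash)
{
    if (read_line(in, pin, MAX_PIN) || read_line(in, hash, MAX_HASH))
        return -1;
    if (pin[0] == '\0' || strncmp(hash, "$y$", 3) != 0)
        return -1;
    return getc(in) == EOF ? 0 : -1;
}

/* verdict: 1 = matched, 0 = no match, anything else = error.  Prints an
 * explicit token on stdout and returns the exit code to use; the caller
 * should accept only the token "OK" together with exit code 0. */
int respond(FILE *out, int verdict)
{
    const char *word = verdict == 1 ? "OK" : verdict == 0 ? "FAIL" : "ERROR";

    if (fprintf(out, "%s\n", word) < 0 || fflush(out) != 0)
        return 2;
    return verdict == 1 ? 0 : verdict == 0 ? 1 : 2;
}
```

The calling side should still refuse PINs containing linefeeds before writing them, since the helper cannot tell a shifted request from a merely malformed one.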