Issue 8596: crypt blowfish 'ignores' salt

Created on 2010-05-02 04:04 by pvo, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
crypt_blf.py (uploaded by pvo, 2010-05-02 04:04): demo code for crypt blf
blf_crypt.c (uploaded by pvo, 2010-05-03 00:57): blf crypt in C

Messages (7)

msg104768 - Author: pvo (pvo) - Date: 2010-05-02 04:04

Blowfish crypt uses a 128 bit salt, not only the letters [./a-zA-Z0-9]. Despite the different salts, crypt ignores the salt and produces identical encrypted passwords.

The problem occurs on FreeBSD 7.2 with Python 2.5.5 (r255:77872) and Python 2.6.4 (r264:7570) (both from the ports).

```
python2.6 crypt_blf.py
salt: '$2a$05$)O\x0e9\xb7\xb0\xc9\xd6)v.\xd3\x03\xea!\xc1$'
$2a$05$t59ktwmm7.WpI...../5uuAazXv5nUvrWyN1EzMcL6/EQ0HrNyJwq
salt: '$2a$05$\x1ak\x0c\xfbF\xf5\xdf\xb4\x99\xa6\x12\x81\x8d\xce\xea\x19$'
$2a$05$COgstwmm........../5uuu63L/Vi1a/9FQpklC2BKZ74ai8JM2ey
salt: '$2a$05$\x80:\x14\xbb\xc3R\x95\xb9\xcb\xf0#\x04\xbf"\xf7\xe9$'
$2a$05$COgstwmm........../5uuu63L/Vi1a/9FQpklC2BKZ74ai8JM2ey
salt: '$2a$05$i\x01 \x10\x13#\xe3\xdc\x80\x90[3\xd5@(\x96$'
$2a$05$COgstwmm........../5uuu63L/Vi1a/9FQpklC2BKZ74ai8JM2ey
salt: '$2a$05$<\xa8CY\xa6\x018\xe7\x0b}\x92\xd3\xa1L1\xfb$'
$2a$05$COgstwmm........../5uuu63L/Vi1a/9FQpklC2BKZ74ai8JM2ey
```

msg104779 - Author: Mark Dickinson (mark.dickinson) * (Python committer) - Date: 2010-05-02 10:06

I doubt this is a Python issue, since the crypt function does little more than wrap the system crypt function. What does your man page for crypt say? Are you sure you're providing a salt that the system crypt accepts?

msg104804 - Author: pvo (pvo) - Date: 2010-05-02 21:27

FreeBSD's crypt(3) doesn't explain the 'salt' for Blowfish crypt exactly. OpenBSD's crypt(3) says: "The Blowfish version of crypt has 128 bits of salt in order to make building dictionaries of common passwords space consuming."

I wrote a few lines of C code, copied the salts from the output above to it and crypt()ed "test". The result differs:

```
$2a$05$/Ae.aeamG.....O.../52uwMz3Q1WQSyWoWTy6zNndsrkAl2fnTn.
```

I hope I'll find some useful hints in the near future.

msg104808 - Author: Mark Dickinson (mark.dickinson) * (Python committer) - Date: 2010-05-02 21:47

> FreeBSD's crypt(3) doesn't explain the 'salt' for Blowfish crypt exactly.

Reading http://www.freebsd.org/cgi/man.cgi?query=crypt&apropos=0&sektion=3&manpath=FreeBSD+7.2-RELEASE&format=html, and especially the section entitled "Modular crypt", it looks like your salt should take the form "$2$salt$ignored", where there are at most 8 characters of salt and the 'ignored' bit is ignored. So your $2a$ looks wrong to me: shouldn't it be $2$? And after that, in the examples that you give, the only used portion of the salt is "05", which is the same in all the examples, so I'd expect to get the same output in each case.

I can't see any way that Python could be contributing to this: if you look at the implementation (in Modules/cryptmodule.c), you'll see that the crypt function (called crypt_crypt in the source) really is a trivial wrapper around the system function; there's no pre- or post-processing of arguments.

Can you attach the C code that's giving the different results?

msg104809 - Author: pvo (pvo) - Date: 2010-05-03 00:57

```
$2a$12$saltysalt$ignored
 ^  ^  ^         ^
 |  |  |         \_ignored
 |  |  \_the salt
 |  \_number of rounds (04-31)
 \_ crypt id
```

About the crypt id: I read too much Blowfish crypt related stuff in the last two days. Can't remember exactly the difference between the IDs '2' and '2a'. The /etc/master.passwd on my OpenBSD contains encrypted passwords with the '2a' ID.

The C code is attached.

msg104828 - Author: pvo (pvo) - Date: 2010-05-03 09:10

OpenBSD's crypt(3) mentions some bcrypt*() functions. One of these functions is "char * bcrypt_gensalt(u_int8_t log_rounds)". It produces salts like:

```
$2a$04$7.zkQ.HPURlplcFTWgDL3u
$2a$04$l2SuIEWPqF4D3uMTABgBYO
```

Passing these salts to Python's crypt.crypt on FreeBSD works perfectly. Sorry for the noise.

msg104829 - Author: Mark Dickinson (mark.dickinson) * (Python committer) - Date: 2010-05-03 09:18

Okay, thanks for the update! Looks like the FreeBSD crypt manpage could use some work...
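The thread's resolution is that the bcrypt setting string must carry the 128-bit salt in bcrypt's own base64 alphabet, 22 characters after `$2a$NN$`, not as raw bytes. As an added example (not code from the issue, from CPython or from OpenBSD), here is a Python version of that encoding and of `bcrypt_gensalt()`, plus a parser that accepts the setting strings shown above and rejects the raw-binary salt from the report; the `2b`/`2y` identifiers and the parser itself are my additions, not from the page.

```python
import os
import re

# bcrypt's own 64-character alphabet; the order differs from RFC 4648 base64.
BCRYPT_ALPHABET = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

# "$2$" or "$2a$" (2b/2y exist in later bcrypt), two-digit cost, 22 salt chars;
# crypt(3) ignores anything after the 22nd salt character.
_SALT_RE = re.compile(r"^\$(2[aby]?)\$(\d\d)\$([./A-Za-z0-9]{22})(?:\$.*)?$")

def bcrypt_b64encode(raw: bytes) -> str:
    """Encode bytes like OpenBSD's bcrypt encode_base64(): 16 bytes -> 22 chars."""
    out, i, n = [], 0, len(raw)
    while i < n:
        c1 = raw[i]
        out.append(BCRYPT_ALPHABET[c1 >> 2])
        c1 = (c1 & 0x03) << 4
        if i + 1 >= n:                      # 1 trailing byte -> 2 chars, no padding
            out.append(BCRYPT_ALPHABET[c1])
            break
        c2 = raw[i + 1]
        out.append(BCRYPT_ALPHABET[c1 | (c2 >> 4)])
        c1 = (c2 & 0x0F) << 2
        if i + 2 >= n:                      # 2 trailing bytes -> 3 chars
            out.append(BCRYPT_ALPHABET[c1])
            break
        c2 = raw[i + 2]
        out.append(BCRYPT_ALPHABET[c1 | (c2 >> 6)])
        out.append(BCRYPT_ALPHABET[c2 & 0x3F])
        i += 3
    return "".join(out)

def bcrypt_gensalt(log_rounds=12, ident="2a"):
    """Python counterpart of bcrypt_gensalt(): 128 random bits, bcrypt-encoded."""
    if not 4 <= log_rounds <= 31:
        raise ValueError("cost must be 04..31")
    return "$%s$%02d$%s" % (ident, log_rounds, bcrypt_b64encode(os.urandom(16)))

def parse_bcrypt_salt(setting):
    """Return (ident, cost, salt22); reject strings crypt(3) would misparse."""
    m = _SALT_RE.match(setting)
    if m is None:
        raise ValueError("not a bcrypt setting string: %r" % setting)
    ident, cost, salt = m.group(1), int(m.group(2)), m.group(3)
    if not 4 <= cost <= 31:
        raise ValueError("cost out of range: %02d" % cost)
    return ident, cost, salt

# The reporter's first salt (copied from the issue): raw bytes in the salt field.
REPORTED_SALT = "$2a$05$)O\x0e9\xb7\xb0\xc9\xd6)v.\xd3\x03\xea!\xc1$"
```

Running `parse_bcrypt_salt` on each salt before calling `crypt.crypt` catches the malformed case up front instead of silently hashing with a truncated salt.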

History
Date | User | Action | Args
2022-04-11 14:57:00 | admin | set | github: 52842
2010-05-03 09:18:06 | mark.dickinson | set | messages: +
2010-05-03 09:10:56 | pvo | set | messages: +
2010-05-03 00:57:43 | pvo | set | files: + blf_crypt.c; messages: +
2010-05-02 21:47:01 | mark.dickinson | set | status: open -> closed; messages: +
2010-05-02 21:27:06 | pvo | set | status: pending -> open; messages: +
2010-05-02 10:15:24 | mark.dickinson | set | status: open -> pending; resolution: not a bug
2010-05-02 10:06:10 | mark.dickinson | set | nosy: + mark.dickinson; messages: +
2010-05-02 04:04:09 | pvo | create |