bugzilla-daemon at mindrot.org
2013-May-02 09:14 UTC
[Bug 2097] New: if gensalt's log_rounds parameter is set to 31 it does 0 (ZERO) rounds!
https://bugzilla.mindrot.org/show_bug.cgi?id=2097

            Bug ID: 2097
           Summary: if gensalt's log_rounds parameter is set to 31 it does 0 (ZERO) rounds!
    Classification: Unclassified
           Product: jBCrypt
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: security
          Priority: P5
         Component: Default
          Assignee: djm at mindrot.org
          Reporter: rathsfeld at pilodata.de

In the method crypt_raw you are calculating the rounds with:

    int rounds = 1 << log_rounds;

Java's int is a signed type, meaning a 1 << 31 will cause it to flip to -2147483648

Hence this loop further down will not run at all:

    for (i = 0; i < rounds; i++) {
        key(password);
        key(salt);
    }

rounds needs to be of type long if 31 is supposed to be a valid parameter!

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

bugzilla-daemon at mindrot.org
2013-May-02 09:17 UTC
[Bug 2097] if gensalt's log_rounds parameter is set to 31 it does 0 (ZERO) rounds!
https://bugzilla.mindrot.org/show_bug.cgi?id=2097

--- Comment #1 from Marcus Rathsfeld <rathsfeld at pilodata.de> ---
Forgot something! The line needs to be

    long rounds = 1l << log_rounds;

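Added example, not part of the bug thread and not jBCrypt's own code: a Java sketch of the loop shape quoted in the report, comparing an int round count with the long round count from comment #1, and checking whether an int loop counter could still terminate once rounds is a long. The class name, method names and the iteration cap are assumptions made for the demo, and a counter stands in for key(password)/key(salt).

```java
// Added illustration; names and CAP are assumptions, not jBCrypt code.
public class RoundsOverflowDemo {
    // Constructed cap so the demo returns quickly instead of doing 2^31 steps.
    static final long CAP = 1_000_000L;

    // Loop shape from the report: round count held in an int.
    static long runWithIntRounds(int logRounds) {
        int rounds = 1 << logRounds;   // 1 << 31 == Integer.MIN_VALUE (-2147483648)
        long done = 0;
        for (int i = 0; i < rounds && done < CAP; i++) {
            done++;                    // stands in for key(password); key(salt);
        }
        return done;
    }

    // Change from comment #1, with the loop counter widened to long as well.
    static long runWithLongRounds(int logRounds) {
        long rounds = 1L << logRounds; // 1L << 31 == 2147483648
        long done = 0;
        for (long i = 0; i < rounds && done < CAP; i++) {
            done++;
        }
        return done;
    }

    // If rounds becomes long but the counter stays int, "i < rounds" can only
    // turn false when some int value reaches rounds. For 2^31 none does: i wraps
    // from Integer.MAX_VALUE to Integer.MIN_VALUE and the loop never ends.
    static boolean intCounterCanFinish(long rounds) {
        return rounds <= Integer.MAX_VALUE;
    }

    public static void main(String[] args) {
        for (int cost : new int[] {4, 10, 30, 31}) {
            System.out.printf("log_rounds=%2d  int rounds: %,9d iterations  "
                    + "long rounds: %,9d iterations  int counter finishes: %b%n",
                    cost, runWithIntRounds(cost), runWithLongRounds(cost),
                    intCounterCanFinish(1L << cost));
        }
    }
}
```
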
bugzilla-daemon at bugzilla.mindrot.org
2019-Jan-23 09:04 UTC
[Bug 2097] if gensalt's log_rounds parameter is set to 31 it does 0 (ZERO) rounds!
https://bugzilla.mindrot.org/show_bug.cgi?id=2097

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |MOVED
             Status|NEW                         |RESOLVED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
jBCrypt is no longer in this bugtracker

bugzilla-daemon at mindrot.org
2022-Feb-25 02:59 UTC
[Bug 2097] if gensalt's log_rounds parameter is set to 31 it does 0 (ZERO) rounds!
https://bugzilla.mindrot.org/show_bug.cgi?id=2097

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
closing bugs resolved before openssh-8.9