bugzilla-daemon at bugzilla.mindrot.org
2016-Sep-06 17:19 UTC
[Bug 2611] New: Add support for $2b$ prefixed hashes
https://bugzilla.mindrot.org/show_bug.cgi?id=2611
Bug ID: 2611
Summary: Add support for $2b$ prefixed hashes
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P3
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
Reporter: dcarlson at squareup.com
Created attachment 2870
--> https://bugzilla.mindrot.org/attachment.cgi?id=2870&action=edit
patch to add support
NOTE: refers to jbcrypt 0.4.0, but product is not selectable.
We have run into a problem with the prefix of bcrypt-hashed passwords.
Our generated hash values include the prefix $2b$, but our crypt
library rejects these, only accepting hash formats with the prefix
$2a$.
Our current bcrypt java library
(http://www.mindrot.org/projects/jBCrypt also
https://github.com/jeremyh/jBCrypt) uses the modular crypt format
(http://pythonhosted.org/passlib/modular_crypt_format.html) to store
both the salt and the hash of the password.
The python library we have selected uses bcrypt.c. In
(http://www.openwall.com/lists/oss-security/2012/01/02/4), 'Alexander'
describes that Christos Zoulas discovered a wrap-around error. This is
also described in https://en.wikipedia.org/wiki/Crypt_(C). Either way,
the actual behavior in the C library is not truncation, but wrapping
in a way that can eliminate significant (all) entropy in the overflow
case (overflow is of the len variable which is uint8).
As a mitigation, some implementations use the $2b$ prefix which
clarifies the behavior regarding long passwords (e.g. the actual
behavior is now truncation). Implementations generally have addressed
both the overflow and used the version bump to identify this change.
The jbcrypt library uses "minor >= 'a'" comparisons in many positions,
but the critical section seems to be a check:

    // accept only strings that start with "$2"
    if (salt.charAt(0) != '$' || salt.charAt(1) != '2') {
        throw new IllegalArgumentException("Invalid salt version");
    }
    if (salt.charAt(2) == '$') {
        off = 3;            // legacy "$2$" form, no minor revision
    } else {
        minor = salt.charAt(2);
        // only minor 'a' is accepted here, so "$2b$" is rejected
        if (minor != 'a' || salt.charAt(3) != '$') {
            throw new IllegalArgumentException("Invalid salt revision");
        }
        off = 4;
    }
This code only supports prefixes $2a$ and $2$. It appears that the java
implementation does not have the wrapping problem from the C
implementation, but for compatibility, we would prefer that the java
implementation include support for both.
--
You are receiving this mail because:
You are watching the assignee of the bug.
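Added example (not jBCrypt's, bcrypt.c's or the attached patch's code): a Python parser for the bcrypt modular-crypt-format prefix that generalizes the quoted Java check to accept $2$, $2a$ and $2b$ and also validates the cost and salt fields, plus a small model of the key-length handling the two revisions imply. The uint8 wrap in key_length_used is an assumption modelled on the report's description of the old C behaviour, not a transcription of bcrypt.c; the 4..31 cost range and the 72-byte key limit are bcrypt's documented values.

```python
# Added example: bcrypt "$2<minor>$<cost>$<salt>" prefix parsing and a model of
# the key-length behaviour that distinguishes $2b$ from its predecessors.
BCRYPT_ALPHABET = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
ACCEPTED_MINORS = ("a", "b")   # the report asks for 'b' alongside 'a'
MAX_KEY_BYTES = 72             # bcrypt feeds at most 72 key bytes to Blowfish


def parse_salt(salt: str):
    """Validate the "$2<minor>$<cost>$<22-char salt>" prefix of a bcrypt string.

    Mirrors the jBCrypt check quoted in the report but also accepts 'b'.
    Works on a bare salt or on a full 60-char hash (the digest is ignored).
    Returns (minor, log_rounds, salt22, off); off is the index of the cost
    field, as in jBCrypt.
    """
    if len(salt) < 4 or salt[0] != "$" or salt[1] != "2":
        raise ValueError("Invalid salt version")
    if salt[2] == "$":                      # legacy "$2$" prefix, no minor
        minor, off = "", 3
    else:
        minor = salt[2]
        if minor not in ACCEPTED_MINORS or salt[3] != "$":
            raise ValueError("Invalid salt revision")
        off = 4
    cost = salt[off:off + 2]                # exactly two digits, then '$'
    if len(salt) < off + 3 or not cost.isdigit() or salt[off + 2] != "$":
        raise ValueError("Missing salt rounds")
    log_rounds = int(cost)
    if not 4 <= log_rounds <= 31:           # bcrypt's documented cost range
        raise ValueError("Invalid salt rounds")
    salt22 = salt[off + 3:off + 25]
    if len(salt22) != 22 or any(c not in BCRYPT_ALPHABET for c in salt22):
        raise ValueError("Invalid salt")
    return minor, log_rounds, salt22, off


def key_length_used(password: bytes, minor: str) -> int:
    """Key bytes (including the terminating NUL) the hash will consume.

    '$2b$' truncates to 72 bytes, so the count is exact. The pre-$2b$ case
    is modelled as the report describes it: a uint8 length that wraps
    modulo 256 (an assumption about the old C code, not bcrypt.c itself).
    A result of 0 means the password contributes no key bytes at all.
    """
    if minor == "b":
        return min(len(password), MAX_KEY_BYTES) + 1
    return (len(password) + 1) % 256
```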
bugzilla-daemon at bugzilla.mindrot.org
2016-Oct-17 18:05 UTC
[Bug 2611] Add support for $2b$ prefixed hashes
https://bugzilla.mindrot.org/show_bug.cgi?id=2611
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
CC| |dtucker at zip.com.au
Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
--- Comment #1 from Darren Tucker <dtucker at zip.com.au> ---
I don't know if Damien is accepting bug reports for this nowadays, but
he's the only one that can do anything about it so reassigning for
either actioning or closing.
bugzilla-daemon at bugzilla.mindrot.org
2020-Jan-25 11:17 UTC
[Bug 2611] Add support for $2b$ prefixed hashes
https://bugzilla.mindrot.org/show_bug.cgi?id=2611
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|ASSIGNED |RESOLVED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
jbcrypt bugs are not tracked here
bugzilla-daemon at mindrot.org
2021-Apr-23 05:10 UTC
[Bug 2611] Add support for $2b$ prefixed hashes
https://bugzilla.mindrot.org/show_bug.cgi?id=2611
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release