stackoom
  简体   繁体   中英

SHA512 crypt returns *0 when rounds=5000

 原文  2018-07-19 23:35:42       python/ passwords/ glibc/ crypt

Question

Since some days following python program returns *0 : 

import crypt
# broken:
>>> crypt.crypt('pw', '$6$rounds=5000$0123456789abcdef')
'*0'
# works:
>>> crypt.crypt("pw", '$6$0123456789abcdef')
'$6$0123456789abcdef$zAYvvEJcrKSqV2KUPTUM1K9eaGv20n9mUjWSDZW0QnwBRk0L...'
>>> crypt.crypt('pw', '$6$rounds=5001$0123456789abcdef')
'$6$rounds=5001$0123456789abcdef$mG98GkftS5iu1VOpowpXm1fgefTbWnRm4rbw...'
>>> crypt.crypt("pw", '$6$rounds=4999$0123456789abcdef')
'$6$rounds=4999$0123456789abcdef$ulXwrQtpwNd/t6NVUJo53AXMpp40IrpCHFyC...'

I did the same with a small C program using crypt_r and the output was the same. I read in some posts that *0 and *1 will be returned when there are errors.

According to the manpage crypt(3) specifying the rounds=xxx parameter is supported since glibc 2.7 and the default is 5000, when no rounds parameter is given (like in the second example). But why am I not allowed to set rounds to 5000?

I'm using Fedora 28 with glibc 2.27. The results are the same with different Python versions (even Python2 and Python3). Using crypt in PHP also works as expected. But the most interesting thing is that running the same command in a Docker container ( fedora:28 ) works: 

>>> crypt.crypt("pw", '$6$rounds=5000$0123456789abcdef')
'$6$rounds=5000$0123456789abcdef$zAYvvEJcrKSqV2KUPTUM1K9eaGv20n9mUjWS...'

Does anybody know the reason for this behavior?

1 answers

solution1
 3 ACCPTED  2018-07-20 12:38:00

The libxcrypt sources contain this: 

 /* Do not allow an explicit setting of zero rounds, nor of the default number of rounds, nor leading zeroes on the rounds. */

This was introduced in a commit “Add more tests based on gaps in line coverage.” with this comment:

This change makes us pickier about non-default round parameters to $5$ and $6$ hashes; numbers outside the valid range are now rejected, as are numbers with leading zeroes and an explicit request for the default number of rounds. This is in keeping with the observation, in the Passlib documentation, that allowing more than one valid crypt output string for any given (rounds, salt, phrase) triple is asking for trouble.

I suggest to open an issue if this causes too many compatibility issues. Alternatively, you can remove the rounds=5000 specification, but based on a quick glance, the change looks to me as if it should be reverted. It's not part of the original libcrypt implementation in glibc.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Python crypt.crypt not using sha512 despite $6$ Python SHA512 salted passwords with crypt on MacOS X crypt module not outputting a SHA512 hash as expected SHA512 encoding in python Python sha512 security Hashing in SHA512 using a salt? - Python Hash sha512 contents of a file in python java hash from “PBKDF2WithHmacSHA512” is differs from python CRYPT(digest_alg='pbkdf2(1000,20,sha512)', salt=True)(password)[0]) Python 3 sign a message with key sha512 Convert simultaneously to a SHA512 hash
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM