As we all know, standard DES crypt() uses only 8 characters of the
password passed to it.  Alas, many people trip over this and expect
a long password to give them better protection. (We got security
reports for this already).

However, there are implementations which provide a concatenation of
several 8-byte-blocks. Do they still use the crypt() API? If not,
then I would propose to add one (or both) of the two attached patches:

<<htpasswd.c.diff>>: 
  Add an error exit to htpasswd which bails with ERR_OVERFLOW if the
  password is too long for crypt() -- a similar exit is taken if the
  password is too long for other reasons, e.g., because it was given on
  the command line but exceeded 8kB in size.

<<htpasswd.xml.diff>>:
  Document the restrictions implied by using DES crypt()


Comments?

  Martin
-- 
<[EMAIL PROTECTED]>         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany
Index: support/htpasswd.c
===================================================================
--- support/htpasswd.c  (Revision 125380)
+++ support/htpasswd.c  (Arbeitskopie)
@@ -175,6 +175,11 @@
 #if !(defined(WIN32) || defined(NETWARE))
     case ALG_CRYPT:
     default:
+        if (strlen(pw) > 8) {
+            apr_snprintf(record, (rlen - 1), "password too long (must be <= %" 
+                         APR_SIZE_T_FMT " for crypt format) -- Hint: Use MD5 
format", 8);
+            return ERR_OVERFLOW;
+        }
         (void) srand((int) time((time_t *) NULL));
         to64(&salt[0], rand(), 8);
         salt[8] = '\0';
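Review bot: the literal `8` passed for the `APR_SIZE_T_FMT` conversion in the `apr_snprintf` call is an `int`, while that format expects an `apr_size_t`; on LP64 builds this is a varargs type mismatch (undefined behaviour, typically a wrong or garbage value in the message). Cast it, e.g. `(apr_size_t)8`, or better define the limit once and use it in both the `strlen(pw) > 8` test and the message so the two cannot drift apart. The string literal also appears split across a physical line (`"... -- Hint: Use MD5 ` / `format", 8);`); if that is in the patch and not just mail wrapping, it will not compile, so please attach the diff rather than inlining it. Finally, this turns silent truncation into a hard ERR_OVERFLOW failure, which is the right choice for the stated problem, but existing scripts feeding long passwords to `htpasswd` in crypt format will start failing, so the behaviour change belongs in CHANGES.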
Index: docs/manual/programs/htpasswd.xml
===================================================================
--- docs/manual/programs/htpasswd.xml   (Revision 125380)
+++ docs/manual/programs/htpasswd.xml   (Arbeitskopie)
@@ -190,6 +190,15 @@
 
     <p>The use of the <code>-b</code> option is discouraged, since when it is
     used the unencrypted password appears on the command line.</p>
+
+    <p>When using the <code>crypt()</code> algorithm, note that only the first
+    8 characters of the password are used  to form the password. If the 
supplied
+    password is longer, the extra characters will be silently discarded.</p>
+
+    <p>The SHA encryption format does not use salting: for a given password,
+    there is only one encrypted representation. The <code>crypt()</code> and
+    MD5 formats permute the representation by prepending a random salt string,
+    to make dictionary attacks against the passwords more difficult.</p>
 </section>
 
 <section id="restrictions"><title>Restrictions</title>
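Review bot: the new paragraph states that extra characters beyond 8 "will be silently discarded", which contradicts the companion htpasswd.c change that now rejects such passwords with an error; if both patches go in, this sentence should say that htpasswd refuses passwords longer than 8 characters for the crypt format (silent truncation then only describes entries created by other tools). The phrase "are used  to form the password" has a doubled space and reads oddly; "are used to form the hash" is what is meant. Minor: "SHA encryption format" describes a hash, not encryption, so "SHA hash format" is more accurate, and the salt paragraph could note that an unsalted hash also lets a precomputed table be reused against every user, which is the practical reason the crypt() and MD5 formats salt.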
