On 06/11/18 17:40, Richard Levitte wrote:
> In message <8ee45344-9bfc-44f9-9db2-c384f7645...@akamai.com> on Mon, 11 Jun 
> 2018 15:25:23 +0000, "Salz, Rich" <rs...@akamai.com> said:
> 
> rsalz> >    *must* do when getting '-pass8bit' is to do a naïve UTF-8 encode of
> rsalz>     the input pass phrase string.  PKCS12_generate_mac() will then decode
> rsalz>
> rsalz> I disagree.
> rsalz>
> rsalz> There are two reasons why users enter "illegal" passwords now,
> rsalz> and by now requiring them to make it explicit we can (a) check
> rsalz> only for ASCII on current inputs; (b) make them think about
> rsalz> what they're doing and require them to specify; (c) set the
> rsalz> expectation that something will change in the future.
> 
> [btw, PKCS12_gen_mac(), not PKCS12_generate_mac()]
> 
> So wait, if the user enters this:
> 
>      openssl pkcs12 -export -in foo.pem -out foo.p12 \
>          -pass8bit -password pass:`echo 72c3a46b61 | xxd -r -p`
> 
> ...  then it seems "natural" that the user would expect the resulting
> BMPString to become this set of bytes, right?
> 
>      0x00, 0x72, 0x00, 0xc3, 0x00, 0xa4, 0x00, 0x6b, 0x00, 0x61, 0x00, 0x00
> 
> However, what's going to happen is that PKCS12_gen_mac() will generate
> this for a BMPString:
> 
>      0x00, 0x72, 0x00, 0xe4, 0x00, 0x6b, 0x00, 0x61, 0x00, 0x00
> 
> Why?  Because the input pass phrase can be interpreted as a UTF-8
> encoded string, and PKCS12_gen_mac() will decode it thusly.
> 
> From a user interface point of view, I would find such behavior very
> surprising, and not at all what I'd expect for a flag named '-pass8bit'.
> 

I think there are many ways for the user to shoot himself in the knee by
accidentally entering Unicode glyphs which are even invisible when
printed to the console, just think of the EM DASH U+2014: "—".
Or the Unicode no-break space U+00A0, which looks like an ordinary space but
is something different.

As a user, I would not be happy if one of these slipped into a password,
that's for sure.

So in my opinion, when entering new passwords, input should be restricted to
7-bit ASCII printable characters, unless advised otherwise by an
option like -pass8bit.


Bernd.
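The two BMPString encodings Richard contrasts above, and the printable-ASCII check Bernd proposes, as an added C example (this is not code from the thread or from OpenSSL; the input bytes 72 c3 a4 6b 61 are taken from Richard's command line, and the function names are the example's own). The "naive" path widens each input byte to one 16-bit code unit, the other path first decodes the bytes as UTF-8, and the third function rejects anything outside 0x20..0x7E, which is where an EM DASH or a no-break space would show up once UTF-8 encoded.

```c
/* Added example, not from the thread or from OpenSSL: why the same 8-bit
 * pass phrase bytes give two different BMPStrings depending on whether they
 * are taken as-is or first decoded as UTF-8, plus a printable-ASCII check. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed input from the thread: 72 c3 a4 6b 61 = "r", UTF-8 "ä", "k", "a". */
static const unsigned char PASS_BYTES[] = {0x72, 0xc3, 0xa4, 0x6b, 0x61};

/* The 12 bytes Richard says a user would "naturally" expect. */
static const unsigned char BMP_NAIVE[] = {0x00, 0x72, 0x00, 0xc3, 0x00, 0xa4,
                                          0x00, 0x6b, 0x00, 0x61, 0x00, 0x00};
/* The 10 bytes that a UTF-8-decoding conversion actually produces. */
static const unsigned char BMP_UTF8[] = {0x00, 0x72, 0x00, 0xe4, 0x00, 0x6b,
                                         0x00, 0x61, 0x00, 0x00};

/* Naive conversion: each input byte becomes one big-endian 16-bit code unit,
 * followed by the 16-bit NUL terminator PKCS#12 appends.
 * Returns bytes written, or 0 if out is too small. */
size_t bmp_from_bytes(const unsigned char *in, size_t inlen,
                      unsigned char *out, size_t outlen)
{
    size_t need = 2 * inlen + 2;
    if (outlen < need) return 0;
    for (size_t i = 0; i < inlen; i++) {
        out[2 * i] = 0x00;
        out[2 * i + 1] = in[i];
    }
    out[need - 2] = 0x00;
    out[need - 1] = 0x00;
    return need;
}

/* UTF-8-decoding conversion: 1..3 byte sequences become BMP code points,
 * each written as a big-endian 16-bit code unit, then the terminator.
 * Returns 0 on malformed UTF-8, overlong forms, surrogates, code points
 * outside the BMP (4-byte sequences), or insufficient output space. */
size_t bmp_from_utf8(const unsigned char *in, size_t inlen,
                     unsigned char *out, size_t outlen)
{
    size_t i = 0, o = 0;
    while (i < inlen) {
        unsigned char b = in[i];
        uint32_t cp;
        size_t len;
        if (b < 0x80)               { cp = b;        len = 1; }
        else if ((b & 0xE0) == 0xC0) { cp = b & 0x1F; len = 2; }
        else if ((b & 0xF0) == 0xE0) { cp = b & 0x0F; len = 3; }
        else return 0;
        if (i + len > inlen) return 0;
        for (size_t k = 1; k < len; k++) {
            if ((in[i + k] & 0xC0) != 0x80) return 0;   /* not a continuation byte */
            cp = (cp << 6) | (in[i + k] & 0x3F);
        }
        if ((len == 2 && cp < 0x80) || (len == 3 && cp < 0x800)) return 0; /* overlong */
        if (cp >= 0xD800 && cp <= 0xDFFF) return 0;                        /* surrogate */
        if (o + 2 > outlen) return 0;
        out[o++] = (unsigned char)(cp >> 8);
        out[o++] = (unsigned char)(cp & 0xFF);
        i += len;
    }
    if (o + 2 > outlen) return 0;
    out[o++] = 0x00;
    out[o++] = 0x00;
    return o;
}

/* Bernd's proposed default: accept only printable 7-bit ASCII (0x20..0x7E).
 * Returns 1 if every byte passes, 0 otherwise. An EM DASH (U+2014) or a
 * no-break space (U+00A0) arrives as bytes >= 0x80 in UTF-8 and is rejected. */
int pass_is_ascii_printable(const unsigned char *in, size_t inlen)
{
    for (size_t i = 0; i < inlen; i++)
        if (in[i] < 0x20 || in[i] > 0x7E) return 0;
    return 1;
}

static void hexdump(const char *label, const unsigned char *p, size_t n)
{
    printf("%s:", label);
    for (size_t i = 0; i < n; i++) printf(" 0x%02x,", p[i]);
    printf("\n");
}

int main(void)
{
    unsigned char a[32], b[32];
    size_t na = bmp_from_bytes(PASS_BYTES, sizeof PASS_BYTES, a, sizeof a);
    size_t nb = bmp_from_utf8(PASS_BYTES, sizeof PASS_BYTES, b, sizeof b);
    hexdump("naive BMPString  ", a, na);
    hexdump("UTF-8 decoded    ", b, nb);
    printf("matches expected: naive=%d utf8=%d\n",
           na == sizeof BMP_NAIVE && memcmp(a, BMP_NAIVE, na) == 0,
           nb == sizeof BMP_UTF8 && memcmp(b, BMP_UTF8, nb) == 0);
    printf("printable ASCII only: %d\n",
           pass_is_ascii_printable(PASS_BYTES, sizeof PASS_BYTES));
    return 0;
}
```

Run stand-alone, the program prints the two byte sequences from Richard's message side by side; the ASCII check returns 0 for this input because 0xc3 and 0xa4 fall outside the printable range, which is exactly the case where a `-pass8bit` style opt-in would be required.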
_______________________________________________
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project