[jira] [Commented] (CODEC-245) RegEx for verifying salts in ShaCrypt is incorrect
[ https://issues.apache.org/jira/browse/CODEC-245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16376204#comment-16376204 ] Gary Gregory commented on CODEC-245: I'm open to discussing what makes the most sense for users here, while keeping in mind reasonable backward compatibility if possible. > RegEx for verifying salts in ShaCrypt is incorrect > -- > > Key: CODEC-245 > URL: https://issues.apache.org/jira/browse/CODEC-245 > Project: Commons Codec > Issue Type: Bug >Affects Versions: 1.11 >Reporter: Simon Levermann >Priority: Major > > The regex/code that extracts the salt from a given salt string in Sha2Crypt > treats some invalid salt formats as valid: > {code:java} > ^\$([56])\$(rounds=(\d+)\$)?([\.\/a-zA-Z0-9]{1,16}).* > {code} > The code then goes on to use capture group 3 (the round count) to determine > how many rounds are used, and capture group 4 (the actual salt) to use as > salt data. > However, for an input that contains an invalid salt specification like this: > {code:java} > $5$notrounds=1000$asdfasdf > {code} > This string is treated as valid. The operation then uses "notrounds" as the > salt for hashing: > {code:java} > System.out.println(Sha2Crypt.sha256Crypt(new byte[100], > "$5$notrounds=1000$asdfasdf")); > {code} > The above code prints > {code:java} > $5$notrounds$aAEx6EzUBfc.aIIeiItVjUREbj/ar4xlb/qcMxD90NA > {code} > This code should probably throw an exception. Additionally, other invalid > salt strings like > > {code:java} > $6$rounds=1000$äöüäöü > {code} > Result in hashes like: > {code:java} > $5$rounds$ZIRdMgi25kK5Zmi1whKjcnFN/Pe8QCAOlTmxMfwAoq5 > {code} > Completely ignoring the rounds parameter, and using the literal string > "rounds" as the salt for hashing. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CODEC-245) RegEx for verifying salts in ShaCrypt is incorrect
[ https://issues.apache.org/jira/browse/CODEC-245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16369090#comment-16369090 ] Simon Levermann commented on CODEC-245: --- Is there interest in a PR that aligns the behaviour to be more similar to the original crypt function, or should this behaviour (since honestly, I found it quite unexpected) not be ported to this library? > RegEx for verifying salts in ShaCrypt is incorrect > -- > > Key: CODEC-245 > URL: https://issues.apache.org/jira/browse/CODEC-245 > Project: Commons Codec > Issue Type: Bug >Affects Versions: 1.11 >Reporter: Simon Levermann >Priority: Major > > The regex/code that extracts the salt from a given salt string in Sha2Crypt > treats some invalid salt formats as valid: > {code:java} > ^\$([56])\$(rounds=(\d+)\$)?([\.\/a-zA-Z0-9]{1,16}).* > {code} > The code then goes on to use capture group 3 (the round count) to determine > how many rounds are used, and capture group 4 (the actual salt) to use as > salt data. > However, for an input that contains an invalid salt specification like this: > {code:java} > $5$notrounds=1000$asdfasdf > {code} > This string is treated as valid. The operation then uses "notrounds" as the > salt for hashing: > {code:java} > System.out.println(Sha2Crypt.sha256Crypt(new byte[100], > "$5$notrounds=1000$asdfasdf")); > {code} > The above code prints > {code:java} > $5$notrounds$aAEx6EzUBfc.aIIeiItVjUREbj/ar4xlb/qcMxD90NA > {code} > This code should probably throw an exception. Additionally, other invalid > salt strings like > > {code:java} > $6$rounds=1000$äöüäöü > {code} > Result in hashes like: > {code:java} > $5$rounds$ZIRdMgi25kK5Zmi1whKjcnFN/Pe8QCAOlTmxMfwAoq5 > {code} > Completely ignoring the rounds parameter, and using the literal string > "rounds" as the salt for hashing. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CODEC-245) RegEx for verifying salts in ShaCrypt is incorrect
[ https://issues.apache.org/jira/browse/CODEC-245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361183#comment-16361183 ] Simon Levermann commented on CODEC-245: --- Though I suppose it's still *somewhat* incorrect: Apparently, *all bytes* are valid salts, not just base64 characters. For example, invoking the libc crypt function like this: {code:java} char *foo = crypt("asdfasdf", "$6$mounds=1000$asdf$"); {code} results in the following hash: {code:java} $6$mounds=1000$A9qEzceIj1cqGxb4w8WdBvHHotUYOmx.xnedWJRwQQJCZCHKpSHX4qwcY9DIvXN.ggWMhKRW4pE93oGgPOOBy0 {code} That is: "mounds=1000" is the literal salt here, and the actually supplied salt, "asdf" is discarded. Apparently the specification does NOT mandate that salts must be B64-encoded. It seems like any bytes (even non-printable characters) are valid for salts, but only ever the first 16 bytes are used. Thoughts on how to continue here? > RegEx for verifying salts in ShaCrypt is incorrect > -- > > Key: CODEC-245 > URL: https://issues.apache.org/jira/browse/CODEC-245 > Project: Commons Codec > Issue Type: Bug >Affects Versions: 1.11 >Reporter: Simon Levermann >Priority: Major > > The regex/code that extracts the salt from a given salt string in Sha2Crypt > treats some invalid salt formats as valid: > {code:java} > ^\$([56])\$(rounds=(\d+)\$)?([\.\/a-zA-Z0-9]{1,16}).* > {code} > The code then goes on to use capture group 3 (the round count) to determine > how many rounds are used, and capture group 4 (the actual salt) to use as > salt data. > However, for an input that contains an invalid salt specification like this: > {code:java} > $5$notrounds=1000$asdfasdf > {code} > This string is treated as valid. The operation then uses "notrounds" as the > salt for hashing: > {code:java} > System.out.println(Sha2Crypt.sha256Crypt(new byte[100], > "$5$notrounds=1000$asdfasdf")); > {code} > The above code prints > {code:java} > $5$notrounds$aAEx6EzUBfc.aIIeiItVjUREbj/ar4xlb/qcMxD90NA > {code} > This code should probably throw an exception. Additionally, other invalid > salt strings like > > {code:java} > $6$rounds=1000$äöüäöü > {code} > Result in hashes like: > {code:java} > $5$rounds$ZIRdMgi25kK5Zmi1whKjcnFN/Pe8QCAOlTmxMfwAoq5 > {code} > Completely ignoring the rounds parameter, and using the literal string > "rounds" as the salt for hashing. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CODEC-245) RegEx for verifying salts in ShaCrypt is incorrect
[ https://issues.apache.org/jira/browse/CODEC-245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361180#comment-16361180 ] Simon Levermann commented on CODEC-245: --- Well it turns out it was I who was wrong. The spec for shacrypt was apparently written with the following thought in mind: "Invalid inputs do not exist. Every input is valid *no matter what*". So, apparently, this behaviour, despite being HIGHLY confusing and obviously insane, is correct. Not quite sure what to do about this. > RegEx for verifying salts in ShaCrypt is incorrect > -- > > Key: CODEC-245 > URL: https://issues.apache.org/jira/browse/CODEC-245 > Project: Commons Codec > Issue Type: Bug >Affects Versions: 1.11 >Reporter: Simon Levermann >Priority: Major > > The regex/code that extracts the salt from a given salt string in Sha2Crypt > treats some invalid salt formats as valid: > {code:java} > ^\$([56])\$(rounds=(\d+)\$)?([\.\/a-zA-Z0-9]{1,16}).* > {code} > The code then goes on to use capture group 3 (the round count) to determine > how many rounds are used, and capture group 4 (the actual salt) to use as > salt data. > However, for an input that contains an invalid salt specification like this: > {code:java} > $5$notrounds=1000$asdfasdf > {code} > This string is treated as valid. The operation then uses "notrounds" as the > salt for hashing: > {code:java} > System.out.println(Sha2Crypt.sha256Crypt(new byte[100], > "$5$notrounds=1000$asdfasdf")); > {code} > The above code prints > {code:java} > $5$notrounds$aAEx6EzUBfc.aIIeiItVjUREbj/ar4xlb/qcMxD90NA > {code} > This code should probably throw an exception. Additionally, other invalid > salt strings like > > {code:java} > $6$rounds=1000$äöüäöü > {code} > Result in hashes like: > {code:java} > $5$rounds$ZIRdMgi25kK5Zmi1whKjcnFN/Pe8QCAOlTmxMfwAoq5 > {code} > Completely ignoring the rounds parameter, and using the literal string > "rounds" as the salt for hashing. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (CODEC-245) RegEx for verifying salts in ShaCrypt is incorrect
[ https://issues.apache.org/jira/browse/CODEC-245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361065#comment-16361065 ] Gary Gregory commented on CODEC-245: We gladly accept GitHub PRs :) with a unit test would be fantastic. > RegEx for verifying salts in ShaCrypt is incorrect > -- > > Key: CODEC-245 > URL: https://issues.apache.org/jira/browse/CODEC-245 > Project: Commons Codec > Issue Type: Bug >Affects Versions: 1.11 >Reporter: Simon Levermann >Priority: Major > > The regex/code that extracts the salt from a given salt string in Sha2Crypt > treats some invalid salt formats as valid: > {code:java} > ^\$([56])\$(rounds=(\d+)\$)?([\.\/a-zA-Z0-9]{1,16}).* > {code} > The code then goes on to use capture group 3 (the round count) to determine > how many rounds are used, and capture group 4 (the actual salt) to use as > salt data. > However, for an input that contains an invalid salt specification like this: > {code:java} > $5$notrounds=1000$asdfasdf > {code} > This string is treated as valid. The operation then uses "notrounds" as the > salt for hashing: > {code:java} > System.out.println(Sha2Crypt.sha256Crypt(new byte[100], > "$5$notrounds=1000$asdfasdf")); > {code} > The above code prints > {code:java} > $5$notrounds$aAEx6EzUBfc.aIIeiItVjUREbj/ar4xlb/qcMxD90NA > {code} > This code should probably throw an exceptions. Additionally, other invalid > salt strings like > > {code:java} > $6$rounds=1000$äöüäöü > {code} > Result in hashes like: > {code:java} > $5$rounds$ZIRdMgi25kK5Zmi1whKjcnFN/Pe8QCAOlTmxMfwAoq5 > {code} > Completely ignoring the rounds parameter, and using the literal string > "rounds" as the salt for hashing. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)