Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 6 Oct 2014 15:06:47 +0100
From: Leigh <leight@...il.com>
To: crypt-dev@...ts.openwall.com
Subject: BCrypt $2b$ support in PHP

Hi list,

I've submitted a patch to the PHP project to support revision 'b' of bcrypt.

Due diligence demands I seek consultation from others on
crypto-related changes, and Anthony Ferarra suggested mailing
crypto-dev in the interest of open communication, and on the
off-chance anyone is able to review the patch.

PHPs key-expansion is currently performed using an 18 x 4 nested loop,
rather than explicitly assigning the key length anywhere, which I am
assuming sidesteps the 8-bit length wrapping issue altogether.

The crypt 1.3 release states: Version 1.3 adds support for the $2b$
prefix introduced in OpenBSD 5.5+, which behaves exactly the same as
crypt_blowfish's $2y$.

As PHP already supports the 'y' revision, I again making an assumption
that supporting 'b' is as simple as using the same code path as 'y'.

Comments and/or review are both welcome and very much appreciated. The
patch is on github: https://github.com/php/php-src/pull/868

Thanks and kind regards,

Leigh.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ