Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 7 Oct 2014 12:41:38 +0100
From: Leigh <leight@...il.com>
To: crypt-dev@...ts.openwall.com
Subject: Re: BCrypt $2b$ support in PHP

Alexander, many thanks for taking the time to review this.

> While I like the simplicity of this patch, I'd prefer to merge
> crypt_blowfish's more elaborate changes into its revision in PHP instead
> of deviating from crypt_blowfish farther.

I feel quite dense for not even looking at your reference code, and
just stumbling blindly into it. Although at the same time quite happy
I made some of the same changes :)

> - Extra test vectors from wrappers.c.  Your added test vectors do not
> check that 'b' is implemented as equivalent specifically to 'y', rather
> than possibly to 'a' or 'x'.

I've now taken the new test vectors from 1.3, as well as a batch that
were completely missing which revealed some bugs in PHPs
implementation; also now fixed.

> Basically, please diff crypt_blowfish-1.2 to crypt_blowfish-1.3 and port
> those changes.  If any changes made between older versions of
> crypt_blowfish haven't made it into the PHP tree yet, port those as well -
> with a separate patch.  We'll also need to take a look at how the final
> code in PHP would differ from crypt_blowfish-1.3's, and make sure only
> the actually intentional changes are in there.  This will ease further
> updates, if those are needed.

I've reviewed the 1.1 to 1.2, and 1.2 to 1.3 diffs and am happy to say
that only changes between 1.2 and 1.3 needed to be applied. I have
preserved all of the PHP specific hacks and updated everything else to
be in line with 1.3

Again, many thanks for your time.

Leigh.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ