Date: Fri, 28 Oct 2022 19:38:07 +0200
From: Solar Designer <solar@...nwall.com>
To: yescrypt@...ts.openwall.com
Subject: Re: Improving security of old DES hashes with fixed salt with "yescrypt"

On Fri, Oct 28, 2022 at 06:00:21PM +0200, Matthias Apitz wrote:
> While doing the implementation, I wrote a small C-pgm for demo and test
> purpose which expects two parameters, a PIN and a yescrypt hash, and
> checks if the PIN, re-encrypted with DES and yescrypt with the hash as
> the salt, results again in the same hash:
> 
> ./a.out 4711 '$y$jFT$4jf8BiOvgz14CJJ4lxBCi/$DD3S4PuniWVVuXr37GxmDXuP2XclbzIYB2JbgekVxg5'
> pin: 4711
> hash: $y$jFT$4jf8BiOvgz14CJJ4lxBCi/$DD3S4PuniWVVuXr37GxmDXuP2XclbzIYB2JbgekVxg5
> 
> result: matched
> 
> ./a.out 4712 '$y$jFT$4jf8BiOvgz14CJJ4lxBCi/$DD3S4PuniWVVuXr37GxmDXuP2XclbzIYB2JbgekVxg5'
> pin: 4712
> hash: $y$jFT$4jf8BiOvgz14CJJ4lxBCi/$DD3S4PuniWVVuXr37GxmDXuP2XclbzIYB2JbgekVxg5
> 
> result: don't match
> 
> Perhaps we will use a similar approach, starting from the Java
> application such a program and check its exit value.

You could, but please note that if you put the PIN and the hash on the
command line, they're likely visible to other users/programs on the
system, and - depending on how exactly you invoke the external program -
special characters inside the PIN could result in undesired processing.
Also, there are only 256 different exit codes, and there's risk that
whichever one you use to indicate success (typically 0) would also
happen to be used on some kind of abnormal program termination (it isn't
expected that 0 would be used that way, but you wouldn't want such
misbehavior of some system component to turn into a vulnerability).

For input to your program, I suggest that you use stdin or environment
variables.  Even with usage of stdin, you do need to be careful about
special characters if you use a text-oriented "protocol" (e.g., one item
per line is susceptible to linefeed characters embedded in PIN, which
you'd need to disallow first).

If you choose to always do the pre-hashing with descrypt (as opposed to
using yescrypt directly when you can), you could keep that step in Java
(where I assume you already have it implemented), which would limit the
character set of the string you need to pass to the external program.

For output from your program (computed hash or comparison result), I
suggest that you use stdout.  You can also check the exit code.

You can see similar logic/"protocol" implemented in pwqcheck.php bundled
with passwdqc.

Alexander
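
The stdin/stdout "protocol" suggested in the message above, as an added sketch that is not code from the original post, from the poster's program, or from passwdqc. The one-item-per-line framing, the reply strings, and the names parse_request, handle_request and demo_verify are assumptions; demo_verify and its placeholder hash are constructed stand-ins for the real descrypt/yescrypt computation.

```c
#include <stdio.h>
#include <string.h>
#define MAX_REQ 512

/* Hypothetical hook; a real helper would compute and compare the hash here. */
typedef int (*verify_fn)(const char *pin, const char *hash);

/* Parse "PIN\nHASH\n" in place. Succeeds (0) only for exactly two non-empty,
 * LF-terminated items with no NUL or CR bytes and nothing after them. */
static int parse_request(char *req, size_t len, char **pin, char **hash)
{
    char *nl1, *nl2;
    if (len == 0 || len >= MAX_REQ || memchr(req, '\0', len) ||
        memchr(req, '\r', len))
        return -1;                 /* empty, possibly truncated, or NUL/CR */
    nl1 = memchr(req, '\n', len);
    if (!nl1 || nl1 == req)
        return -1;
    nl2 = memchr(nl1 + 1, '\n', len - (size_t)(nl1 + 1 - req));
    if (!nl2 || nl2 == nl1 + 1 || nl2 != req + len - 1)
        return -1;                 /* a linefeed inside an item lands here */
    *nl1 = *nl2 = '\0';
    *pin = req; *hash = nl1 + 1;
    return 0;
}

/* Reply for stdout; the caller accepts only the exact line "OK" plus exit 0. */
static const char *handle_request(char *req, size_t len, verify_fn verify)
{
    char *pin, *hash;
    if (parse_request(req, len, &pin, &hash) != 0)
        return "ERROR";
    return verify(pin, hash) ? "OK" : "FAIL";
}

/* Constructed stand-in so the example runs without a hashing library. */
static int demo_verify(const char *pin, const char *hash)
{
    return !strcmp(pin, "4711") && !strcmp(hash, "$y$constructed-placeholder");
}
int main(void)
{
    char req[MAX_REQ];
    size_t len = fread(req, 1, sizeof(req), stdin);
    const char *reply = handle_request(req, len, demo_verify);
    if (puts(reply) == EOF || fflush(stdout) == EOF)
        return 2;
    return strcmp(reply, "OK") == 0 ? 0 : 1;
}
```

Requiring both the explicit reply line and the exit status means an abnormal termination that happens to exit with 0 but prints nothing is still treated as a failed check by the caller.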
