Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 28 Oct 2022 19:38:07 +0200
From: Solar Designer <>
Subject: Re: Improving security of old DES hashes with fixed salt with "yescrypt"

On Fri, Oct 28, 2022 at 06:00:21PM +0200, Matthias Apitz wrote:
> While doing the implementation, I wrote a small C-pgm for demo and test
> purpose which expects two parameters, a PIN and a yescrypt hash, and
> checks if the PIN, re-encrypted with DES and yescrypt with the hash as
> the salt, results again in the same hash:
> ./a.out 4711 '$y$jFT$4jf8BiOvgz14CJJ4lxBCi/$DD3S4PuniWVVuXr37GxmDXuP2XclbzIYB2JbgekVxg5'
> pin: 4711
> hash: $y$jFT$4jf8BiOvgz14CJJ4lxBCi/$DD3S4PuniWVVuXr37GxmDXuP2XclbzIYB2JbgekVxg5
> result: matched
> ./a.out 4712 '$y$jFT$4jf8BiOvgz14CJJ4lxBCi/$DD3S4PuniWVVuXr37GxmDXuP2XclbzIYB2JbgekVxg5'
> pin: 4712
> hash: $y$jFT$4jf8BiOvgz14CJJ4lxBCi/$DD3S4PuniWVVuXr37GxmDXuP2XclbzIYB2JbgekVxg5
> result: don't match
> Perhaps we will use a similar approach, starting from the Java
> application such a programm and check its exit value.

You could, but please note that if you put the PIN and the hash on the
command line, they're likely visible to other users/programs on the
system, and - depending on how exactly you invoke the external program -
special characters inside the PIN could result in undesired processing.
Also, there are only 256 different exit codes, and there's risk that
whichever one you use to indicate success (typically 0) would also
happen to be used on some kind of abnormal program termination (it isn't
expected that 0 would be used that way, but you wouldn't want such
misbehavior of some system component into a vulnerability).

For input to your program, I suggest that you use stdin or environment
variables.  Even with usage of stdin, you do need to be careful about
special characters if you use a text-oriented "protocol" (e.g., one item
per line is susceptible to linefeed characters embedded in PIN, which
you'd need to disallow first).

If you choose to always do the pre-hashing with descrypt (as opposed to
using yescrypt directly when you can), you could keep that step in Java
(where I assume you already have it implemented), which would limit the
character set of the string you need to pass to the external program.

For output from your program (computed hash or comparison result), I
suggest that you use stdout.  You can also check the exit code.

You can see similar logic/"protocol" implemented in pwqcheck.php bundled
with passwdqc.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.