[cryptography] Oddity in common bcrypt implementation
marsh at extendedsubset.com
Tue Jun 28 13:43:19 EDT 2011
On 06/28/2011 12:01 PM, Paul Hoffman wrote:
> And this discussion of ASCII and internationalization has what to do
> with cryptography, asks the person on the list who is probably
> most capable of arguing about it but won't?

It's highly relevant to the implementation of cryptographic systems as
Nico mentioned because interoperability depends on it and the nature of
cryptographic authentication systems tends to obscure the problems.
Sometimes security vulnerabilities result. The old LM LanMan password
hashing scheme uppercased everything for no good reason. Perhaps they
did it out of the desire to avoid issues with accented lower case

Look at these test vectors for PBKDF2:

None of them have the high bit set on any password character! Seems like
there was a recent bcrypt implementation issue that escaped notice for a
long time due to test vectors having this same property and some
cryptographically weak credentials were issued as a result.

1 of 8 bits of the key material is strongly biased towards 0. This loss
of entropy is especially significant when the entirety of the input is
limited to 8 or so chars as is common.

Wow, this sounds a lot like the way 64-bit DES was weakened to 56 bits.
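
Added example, not part of the original message and not code from any bcrypt implementation: a check showing why test vectors without a high-bit byte cannot catch a character-handling defect in key setup. The `pack_word` routine is a hypothetical model of one way such a defect can arise (a key byte sign-extended before being ORed into a 32-bit word), and the sample passwords are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical key packing: 4 key bytes (cycling over the key) -> one 32-bit word. */
static uint32_t pack_word(const char *key, size_t len, size_t start, int sign_extend)
{
    uint32_t w = 0;
    for (size_t i = 0; i < 4; i++) {
        unsigned char b = (unsigned char)key[(start + i) % len];
        /* Defective path models a byte read through a signed char:
           0x80..0xFF becomes 0xFFFFFF80..0xFFFFFFFF before the OR,
           overwriting the key bytes already shifted into the word. */
        int32_t v = (sign_extend && (b & 0x80)) ? (int32_t)b - 256 : (int32_t)b;
        w = (w << 8) | (uint32_t)v;
    }
    return w;
}

/* Returns 1 if any vector makes the correct and defective packers disagree. */
static int vectors_expose_defect(const char *const *vecs, size_t n)
{
    for (size_t k = 0; k < n; k++) {
        size_t len = strlen(vecs[k]);
        for (size_t s = 0; s < len; s++)
            if (pack_word(vecs[k], len, s, 0) != pack_word(vecs[k], len, s, 1))
                return 1;
    }
    return 0;
}

/* Constructed sample passwords, not taken from any published vector set. */
static const char *const ascii_only[] = { "password", "passwordPASSWORDpassword" };
static const char *const with_high_bit[] = { "ab\xa3" "cd" };

int main(void)
{
    printf("ASCII-only vectors expose defect: %d\n", vectors_expose_defect(ascii_only, 2));
    printf("High-bit vector exposes defect:   %d\n", vectors_expose_defect(with_high_bit, 1));
    printf("correct:   %08x\n", (unsigned)pack_word("ab\xa3" "cd", 5, 0, 0));
    printf("defective: %08x\n", (unsigned)pack_word("ab\xa3" "cd", 5, 0, 1));
    return 0;
}
```

A regression suite for a password hash should therefore include at least one vector with a byte in the 0x80..0xFF range, checked against an independent implementation.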