[cryptography] Oddity in common bcrypt implementation

Jeffrey Walton noloader at gmail.com
Wed Jun 29 18:41:42 EDT 2011


On Wed, Jun 29, 2011 at 11:06 AM, Marsh Ray <marsh at extendedsubset.com> wrote:
> On 06/29/2011 06:49 AM, Peter Gutmann wrote:
>>
>> So far I've had exactly zero complaints about i18n or c18n-based password
>> issues.
>>
>> [Pause]
>>
>> Yup, just counted them again, definitely zero.  Turns out that most of the
>> time when people are entering their passwords to, for example, unlock a
>> private key, they don't have it spread across multiple totally dissimilar
>> systems.
>
> Well I work on an implementation of the RADIUS thing as previously
> described. It's got a ton of users, some even in Asian countries, using it
> to interoperate with other vendors' products.
>
> I don't recall many users having password issues with character sets either.
> But I also know I could probably sit down and construct a broken case rather
> quickly.
>
> Nevertheless, if someone does report an unexplained issue we might ask if
> there are any weird, special characters in their password. (Actually, it's
> more complex than that. We reiterate that we would never ask them for their
> password but hint that special characters might be a source of problems.)
>
> So this suggests probably some combination of:
>
> 1. We picked the right encoding transformation logic. We receive the
> credentials via RADIUS and usually validate them against the Windows API
> which accepts UTF-16LE. IIRC we interpret the RADIUS credentials as what
> Windows calls "ANSI" for this.
>From my interop-ing experience with Windows, Linux, and Apple (plus
their mobile devices), I found the best choice for password
interoperability was UTF8, not UTF16. I've used UTF8 with classical
password file schemes, EAP-PSK, and Thomas Wu's SRP.

UTF8 works great for serialization and with other libraries, such as
Crypto++ and OpenSSL (sorry Dr. Guttman!). Plus, the windows standard
stream stuff was [is?] half broken for the wide character sets. So on
Windows, you're going to have to would around wostream problems or use
the narrow gear on the command line.

Jeff



More information about the cryptography mailing list