[Question] What is the purpose of `LongPasswordStrategies.none()`?
mathieutu opened this issue · 3 comments
Hi.
Thanks for your package!
Context: we're implementing Bcrypt, but our password are prehashed, so longer than the default. I've found the usage of LongPasswordStrategy.none() in our code and would like to understand its implications.
I'm trying to understand the logic of LongPasswordStrategies.
What I've understood:
- Bcrypt doesn't handle > 71 bytes passwords
- This package raises an error if the password too long because
LongPasswordStrategies.strictis in the defaults. - The package provides a
LongPasswordStrategythat avoids this issue by either truncating the password, or deriving the password via sha512. - The package also provides a public
LongPasswordStrategy.none()method which is just a pass-through, and returns the raw password, but stop raising an error.
We initially had the StrictMaxPasswordLengthStrategy error. By adding the PassThrough strategy, we don't have it any more (which is pretty normal seeing the code), and our users are logged successfully.
However, what are the implications of doing that? What is the real behaviour with long password in this case? Why is it working, even if due to ... Blowfish cipher, the maximum password length is ... 71 bytes? Could it be a security breach for us?
Thanks for all your answers, and again for your work!
(If you like, I could add some doc based on your responses to the readme, or the code 🙂 ).
Matt'
Actually, I've made some tries:
I created a user with password aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa (72 bytes)
I can log with any password starting with this one.
Example
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaab
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaafsjofsojfowhfwuhfwoud
It seems to be the expected behaviour of the truncate strategy. Do you confirm?
In this case, maybe it's worth adding a warning (and explain more the none vs truncate?).
Thanks again.
Practically truncate and none should behave the same. The difference is that truncate actively removes data longer than max length, while none passes the raw data to the inner cryptographic primitive (which in turn will ignore everything longer than 72 bytes). Due to a bug in the implementation (0.9.0 and below) the max length was calculated to 71 (because null terminator) while it actually is 72. In this edge case, "none" would behave correctly while "truncate" will cut one byte (but its already fixed)
To your second question: no this is not a security breach, handling long passwords in bcrypt effectivly creates a new password scheme that's why the default avoids it.
As a side note: if I design user password entry, I usually set a maximum length (lets say 64 chars), that's a way to avoid this edge case. Max password length is also encouraged to since it might be a Denial of Service Vector - however one can argue if 64 is sensible or 256, or even more.