When using hashpass with own salt, the salt is not truncated to 128 bits
mbaeuerle opened this issue · 2 comments
When using your own salt, the salt is not truncated to 128 bits. This leads to different hashes between this implementation and, say, PHP (if you leave aside the $2y$ at the beginning).
It's best shown by example:
iex(2)> Comeonin.Bcrypt.hashpass("test", "$2b$10$1234567899123456789012")
"$2b$10$1234567899123456789012.OtL1A1eGK5wmvBKUDYKvuVKI7h2XBu"
Notice how in the resulting hash the salt ends with a 2:
"$2b$10$1234567899123456789012.OtL1A1eGK5wmvBKUDYKvuVKI7h2XBu"
Doing the same in PHP:
>>> crypt("test", "$2y$10$1234567899123456789012")
=> "$2y$10$123456789912345678901u.OtL1A1eGK5wmvBKUDYKvuVKI7h2XBu"
"$2y$10$123456789912345678901u.OtL1A1eGK5wmvBKUDYKvuVKI7h2XBu"
Here the last character is truncated to a u because of the 128-bit length of the salt.
See this question on Security.StackExchange.
I think there is no problem with the OpenBSD bcrypt module itself because both versions are valid:
iex(5)> Comeonin.Bcrypt.checkpw("test", "$2b$10$1234567899123456789012.OtL1A1eGK5wmvBKUDYKvuVKI7h2XBu")
true
iex(6)> Comeonin.Bcrypt.checkpw("test", "$2b$10$123456789912345678901u.OtL1A1eGK5wmvBKUDYKvuVKI7h2XBu")
true
It's rather a problem with the return value from hashpass/2: https://github.com/riverrun/comeonin/blob/master/lib/comeonin/bcrypt.ex#L197
Here the salt is just returned as given by the user, and I think this should be truncated to 128 bits.
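To show where the 132-bit vs 128-bit mismatch in this report comes from, here is an added Python example (not code from comeonin or PHP) that decodes a 22-character bcrypt salt to its 16 bytes and re-encodes it, reproducing the change of the final character from 2 to u. It assumes bcrypt's base64 alphabet and big-endian 6-bit packing as in the OpenBSD reference; it does not compute a bcrypt hash.

```python
# Added example: canonicalise a bcrypt setting string's 22-char salt.
# 22 chars * 6 bits = 132 bits, but the salt is only 128 bits (16 bytes),
# so the low 4 bits of the last character are discarded by bcrypt itself.

# bcrypt's base64 alphabet (differs from RFC 4648; no padding is used)
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"


def bcrypt_b64_decode(text: str, nbytes: int) -> bytes:
    """Decode bcrypt base64 text into exactly nbytes bytes.

    Any bits beyond nbytes*8 are dropped, which is exactly where the
    last salt character loses its low 4 bits.
    """
    acc = 0
    for ch in text:
        acc = (acc << 6) | BCRYPT_B64.index(ch)  # ValueError on bad char
    surplus = 6 * len(text) - nbytes * 8
    if surplus < 0:
        raise ValueError("not enough base64 characters for requested bytes")
    acc >>= surplus                 # discard the surplus low bits
    return acc.to_bytes(nbytes, "big")


def bcrypt_b64_encode(data: bytes) -> str:
    """Encode bytes with bcrypt's alphabet, zero-padding to a 6-bit boundary."""
    nbits = len(data) * 8
    nchars = -(-nbits // 6)         # ceil(nbits / 6)
    acc = int.from_bytes(data, "big") << (nchars * 6 - nbits)
    return "".join(BCRYPT_B64[(acc >> (6 * i)) & 63]
                   for i in reversed(range(nchars)))


def canonical_salt(setting: str) -> str:
    """Return "$2x$NN$salt" with the salt normalised to its real 128-bit value.

    The result is what a bcrypt implementation that re-encodes the decoded
    salt (e.g. PHP's crypt) emits; a caller that echoes the user's salt
    string verbatim produces the other, non-canonical form.
    """
    prefix, cost, salt = setting.split("$")[1:4]
    if len(salt) != 22:
        raise ValueError("bcrypt salt must be 22 characters")
    raw = bcrypt_b64_decode(salt, 16)
    return f"${prefix}${cost}${bcrypt_b64_encode(raw)}"


if __name__ == "__main__":
    print(canonical_salt("$2b$10$1234567899123456789012"))
```

Running it prints the setting with the salt ending in u, matching the PHP output above; comparing a stored hash's salt against canonical_salt of the same string is a cheap check for non-canonical hashes produced by the verbatim-return behaviour.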
Thanks for raising the issue. I'll look into it further and get back to you as soon as possible.
Thanks for the fast fix! 🎉