Bug #80744 password_verify fails to verify bcrypt hashes with cost below 4
Submitted: 2021-02-13 13:11 UTC Modified: 2021-02-13 14:12 UTC
From: divinity76 at gmail dot com Assigned:
Status: Not a bug Package: *Encryption and hash functions
PHP Version: 8.0.2 OS:
Private report: No CVE-ID: None
 [2021-02-13 13:11 UTC] divinity76 at gmail dot com
Description:
------------
password_verify fails to verify bcrypt hashes with cost below 4

Test script:
---------------
<?php
// bcrypt hash of the empty string with cost parameter 03 (8 rounds)
var_dump(password_verify("",'$2a$03$AAAAAAAAAAAAAAAAAAAAA.TCFhOtNOtk2Oeef1z4xP561tW1AQOMW'));

Expected result:
----------------
bool(true)

Actual result:
--------------
bool(false)

 [2021-02-13 13:58 UTC] php-bugs at allenjb dot me dot uk
I would posit that this response is correct:

The original OpenBSD implementation[0], which is the closest I believe exists to a specification for bcrypt, specifies a minimum number of 16 (2^4) rounds (BCRYPT_MINROUNDS in the OpenBSD source).

I would guess this is because lower values are likely vulnerable to the speed of brute-force cracking even at the time the algorithm was first proposed (and we've had over 2 decades of advances since then).

Following this "reference implementation", no library should ever generate a hash with a cost value of less than 4, and any such hashes that exist are therefore invalid.

[0] https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/crypt/bcrypt.c?rev=1.1&content-type=text/x-cvsweb-markup
 [2021-02-13 14:03 UTC] divinity76 at gmail dot com
@allenjb 
interesting, does that mean that the self-test code on line 4 here should be increased from cost 0 to cost 4? since it's not actually testing a valid bcrypt hash in its current form? 
https://github.com/php/php-src/blob/07fa13088e1349f4b5a044faeee57f2b34f6b6e4/ext/standard/crypt_blowfish.c#L814
 [2021-02-13 14:12 UTC] nikic@php.net
-Status: Open +Status: Not a bug
 [2021-02-13 14:12 UTC] nikic@php.net
No, the self-test is performed with a reduced minimum cost threshold (1 instead of 16).
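As an added example (not part of the report or of php-src), the check an application can run over its stored hashes to find bcrypt strings whose cost is outside the range the reference implementation accepts, so that such records are flagged during an audit rather than silently failing later in password_verify(). The parse_bcrypt and bcrypt_cost_is_valid functions are assumed names written for this example; the sample hashes are the cost-03 string from the report and a cost-04 hash generated on the spot.

```php
<?php
declare(strict_types=1);

// Parse a bcrypt "modular crypt" string into its fields.
// Format: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
function parse_bcrypt(string $hash): ?array
{
    $re = '~^\$2([abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$~';
    if (!preg_match($re, $hash, $m)) {
        return null;
    }
    return ['variant' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

// Cost 4 (16 rounds) is the OpenBSD minimum; 31 is the largest cost bcrypt
// implementations accept. A well-formed string outside that range is unusable.
function bcrypt_cost_is_valid(string $hash): bool
{
    $p = parse_bcrypt($hash);
    return $p !== null && $p['cost'] >= 4 && $p['cost'] <= 31;
}

// Sample stored hashes (constructed): the cost-03 string from the report and
// a freshly generated cost-04 hash, both for the empty password.
$invalid = '$2a$03$AAAAAAAAAAAAAAAAAAAAA.TCFhOtNOtk2Oeef1z4xP561tW1AQOMW';
$valid   = password_hash('', PASSWORD_BCRYPT, ['cost' => 4]);

foreach ([$invalid, $valid] as $h) {
    $p = parse_bcrypt($h);
    printf("cost=%s valid_cost=%s verify=%s\n",
        $p === null ? 'n/a' : sprintf('%02d', $p['cost']),
        bcrypt_cost_is_valid($h) ? 'yes' : 'no',
        password_verify('', $h) ? 'true' : 'false');
}
```

The first line reports the cost-03 hash as out of range with verify false, the second reports the cost-04 hash as valid with verify true; the same parse can be applied to every hash column in a user table to locate legacy records that need a rehash on next login.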
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Apr 27 16:01:29 2024 UTC