Tickets :: [#8425] Poor salt generation for crypt-*

6.0.0-beta1

7/19/25

Summary	Poor salt generation for crypt-*
Queue	Horde Framework Packages
Queue Version	Git master
Type	Bug
State	Resolved
Priority	2. Medium
Owners	chuck (at) horde (dot) org
Requester	lowzl (at) hotmail (dot) com
Created	07/10/2009 (5853 days ago)
Due
Updated	09/08/2009 (5793 days ago)
Assigned	07/11/2009 (5852 days ago)
Resolved	09/08/2009 (5793 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch	No

09/08/2009 09:08:43 AM	CVS Commit	Comment #8	Reply to this comment
Changes have been made in CVS for this ticket: More salt improvements - use all base64 characters (not just hex) for crypt, crypt-des, and crypt-blowfish (~~Bug #8425~~). http://git.horde.org/diff.php/framework/Auth/lib/Horde/Auth.php?rt=horde-git&r1=4ef82a9d67556dda442771964a32ce5d8a6a581d&r2=7a49e649d831346749ac5ddb0a8e4ef16f11d414

09/08/2009 08:41:00 AM	CVS Commit	Comment #7	Reply to this comment
More salt improvements - use all base64 characters (not just hex) for crypt, crypt-des, and crypt-blowfish (~~Bug #8425~~).

09/08/2009 03:01:13 AM	Chuck Hagenbuch	Comment #6 Assigned to Chuck Hagenbuch State ⇒ Resolved	Reply to this comment
Added changes for crypt, crypt-des, and crypt-blowfish also. Thanks!

07/20/2009 06:23:43 PM	Chuck Hagenbuch	Comment #5	Reply to this comment
Committed the crypt-md5 change: http://git.horde.org/diff.php/framework/Auth/lib/Horde/Auth.php?rt=horde-git&r1=83ba16e6c0ec3c989eab0a81fcda06978ddef8a1&r2=e57680006a7a0c33f08a94e05ebf7c69b486d401

07/12/2009 02:22:36 AM	lowzl (at) hotmail (dot) com	Comment #4	Reply to this comment
A similar thing should be fine - substr(base64_encode(hash('md5', mt_rand(), true)), 0, 2) for example. (It would be best to not use a MD5 at all and just use the random numbers directly, but I'm not sure how to do that.) I don't know what the salt requirements for crypt-blowfish are.

07/11/2009 04:58:22 PM	Chuck Hagenbuch	Comment #3	Reply to this comment
Also crypt-blowfish

07/11/2009 04:57:59 PM	Chuck Hagenbuch	Comment #2 Version ⇒ Git master State ⇒ Feedback	Reply to this comment
I think the code has changed a bit in the latest version. I've got this for the crypt-md5 case: diff --git a/framework/Auth/lib/Horde/Auth.php b/framework/Auth/lib/Horde/Auth.php index 8a5695a..fce7771 100644 --- a/framework/Auth/lib/Horde/Auth.php +++ b/framework/Auth/lib/Horde/Auth.php @@ -266,7 +266,7 @@ class Horde_Auth case 'crypt-md5': return $seed ? substr(preg_replace('\|^{crypt}\|i', '', $seed), 0, 12) - : '$1$' . substr(hash('md5', mt_rand()), 0, 8) . '$'; + : '$1$' . base64_encode(hash('md5', sprintf('%08X%08X', mt_rand(), mt_rand()), true)) . '$'; case 'crypt-blowfish': return $seed What would you suggest for crypt and crypt-des? It's currently: case 'crypt': case 'crypt-des': return $seed ? substr(preg_replace('\|^{crypt}\|i', '', $seed), 0, 2) : substr(hash('md5', mt_rand()), 0, 2); Thanks!

07/10/2009 05:50:12 AM	lowzl (at) hotmail (dot) com	Comment #1 Priority ⇒ 2. Medium Type ⇒ Bug Summary ⇒ Poor salt generation for crypt-* Queue ⇒ Horde Framework Packages Milestone ⇒ Patch ⇒ No State ⇒ Unconfirmed	Reply to this comment
In lib/Horde/Auth.php, the function getSalt uses a poor algorithm for generating salts for crypt-*. crypt allows, at the very least, all Base64 characters in the salt, but the current algorithm only generates hexadecimal digits. Furthermore, for crypt-md5, 8 bytes of salt is permitted, so there are 64^8 = 2^48 possible salt values (if we only allow Base64 characters), but on most systems, mt_rand() only generates 2^31 different values, so the current algorithm generates at most 2^31 different salt values. A better algorithm would use, for example, base64_encode(md5(sprintf('%08X%08X', mt_rand(), mt_rand()), TRUE)) instead of just md5(mt_rand()).