search

pyca / bcrypt

Modern(-ish) password hashing for your software and your servers
Apache License 2.0
1.18k stars 158 forks source link

Salts Error #531

Closed junque1r4 closed 1 year ago

junque1r4 commented 1 year ago

I have been trying to use a custom salt with bcrypt.hashpw() but it always returns an error, stating that the salt is invalid. It seems that the salt generated by bcrypt.gensalt() works fine, but when I try to generate a salt on my own, it fails to work with the hash function. I am not sure why this is happening, but I suspect that the hash function expects a specific format or structure for the salt, which I am not meeting with my own custom salt. I would appreciate any insights on this issue.

My desire is to demonstrate the possibility of attack vectors, but I am unable to do so when I am forced to use a secure method.

My function: 

def generate_salt(self, rounds=22):
        first_phrase = ''.join(str(random.randint(0,9)) for i in range(rounds))
        second_phase = '$2b$12$' + first_phrase
        return second_phase.encode()

Error: 

======================================================================
ERROR: test_1 (__main__.TestTaxPayer)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/joaojunqueira/codes/secure-code-gaming/Level-5/tests.py", line 10, in test_1
    pass_ver = sha256.password_verification("abc", sha256.password_hash("abc", rd.generate_salt()))
  File "/Users/joaojunqueira/codes/secure-code-gaming/Level-5/code.py", line 37, in password_hash
    password_hash = bcrypt.hashpw(password, salt)
  File "/Users/joaojunqueira/Library/Python/3.9/lib/python/site-packages/bcrypt/__init__.py", line 84, in hashpw
    return _bcrypt.hashpass(password, salt)
ValueError: Invalid salt

----------------------------------------------------------------------
Ran 2 tests in 0.002s
alex commented 1 year ago

The final element of the salt must be base64 encoded, using the bcrypt base64 alphabet.

On Wed, Apr 5, 2023 at 6:28 PM João Junqueira @.***> wrote:

I have been trying to use a custom salt with bcrypt.hashpw() but it always returns an error, stating that the salt is invalid. It seems that the salt generated by bcrypt.gensalt() works fine, but when I try to generate a salt on my own, it fails to work with the hash function. I am not sure why this is happening, but I suspect that the hash function expects a specific format or structure for the salt, which I am not meeting with my own custom salt. I would appreciate any insights on this issue.

My desire is to demonstrate the possibility of attack vectors, but I am unable to do so when I am forced to use a secure method.

My function:

def generate_salt(self, rounds=22): first_phrase = ''.join(str(random.randint(0,9)) for i in range(rounds)) second_phase = '$2b$12$' + first_phrase return second_phase.encode()

Error:

====================================================================== ERROR: test_1 (main.TestTaxPayer)

Traceback (most recent call last): File "/Users/joaojunqueira/codes/secure-code-gaming/Level-5/tests.py", line 10, in test_1 pass_ver = sha256.password_verification("abc", sha256.password_hash("abc", rd.generate_salt())) File "/Users/joaojunqueira/codes/secure-code-gaming/Level-5/code.py", line 37, in password_hash password_hash = bcrypt.hashpw(password, salt) File "/Users/joaojunqueira/Library/Python/3.9/lib/python/site-packages/bcrypt/init.py", line 84, in hashpw return _bcrypt.hashpass(password, salt) ValueError: Invalid salt

Ran 2 tests in 0.002s

— Reply to this email directly, view it on GitHub https://github.com/pyca/bcrypt/issues/531, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAAGBCXMI7BEWZRNZFBRITW7X5ZDANCNFSM6AAAAAAWUWB5OQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>

-- All that is necessary for evil to succeed is for good people to do nothing.

junque1r4 commented 1 year ago

I tried copying the exactly same method, changing only the base64 code generated in _bcrypt.encode_base64 inside gensalt telegram-cloud-photo-size-1-5003617564353473604-y And the error persists... telegram-cloud-photo-size-1-5003617564353473603-y telegram-cloud-photo-size-1-5003617564353473601-y

Debugging a little more i saw that the base64 generated by bcrypt is different from all other b64 encode/decode: The bcrypt b64 compared to others:

image

1 == Bcrypt Generated 2 == base64.encode Generated 3 == Base64 website Generated

alex commented 1 year ago

Yes, as I stated, "using the bcrypt base64 alphabet". You changed precisely the thing to make it incorrect.

On Wed, Apr 5, 2023 at 10:33 PM João Junqueira @.***> wrote:

I tried copying the exactly same method, changing only the base64 code generated in _bcrypt.encode_base64 inside gensalt [image: telegram-cloud-photo-size-1-5003617564353473604-y] https://user-images.githubusercontent.com/39351332/230265434-e2b1592d-2eed-44bc-b6d8-6ff4417763a8.jpg And the error persists... [image: telegram-cloud-photo-size-1-5003617564353473603-y] https://user-images.githubusercontent.com/39351332/230264817-92daefeb-3102-4556-8631-465445215762.jpg [image: telegram-cloud-photo-size-1-5003617564353473601-y] https://user-images.githubusercontent.com/39351332/230262726-e3578d09-9578-4194-a9e7-9fd12ea2bf43.jpg

  • A = Clone Method generated
  • B = bcrypt.gensalt()

Debugging a little more a saw that the base64 generated by bcrypt is different from all other b64 encode/decode: The bcrypt b64 is different from the others: [image: image] https://user-images.githubusercontent.com/39351332/230265126-b4ef6f05-a698-4f70-9198-44fa4fc7afc6.png 1 == Bcrypt Generated 2 == base64.encode Generated 3 == Base64 website Generated

— Reply to this email directly, view it on GitHub https://github.com/pyca/bcrypt/issues/531#issuecomment-1498444432, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAAGBG2SXVNPTWAXLY7TR3W7Y2SDANCNFSM6AAAAAAWUWB5OQ . You are receiving this because you commented.Message ID: @.***>

-- All that is necessary for evil to succeed is for good people to do nothing.

junque1r4 commented 1 year ago

Is there a way to use the bcript base64 alphabet? I need to create my "own salt" so i can simulate vulnerabilities... Thanks regards! 😊

alex commented 1 year ago

There's no public API for that, no. This library exists to enable people to use modern(-ish) password hashing, not as a research tool.

On Wed, Apr 5, 2023 at 11:19 PM João Junqueira @.***> wrote:

Is there a way to use the bcript base64 alphabet? I need to create my "own salt" so i can simulate vulnerabilities... Thanks regards! 😊

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.***>

-- All that is necessary for evil to succeed is for good people to do nothing.

junque1r4 commented 1 year ago

Respectfully, I suggest considering the possibility of publishing the generation of Bcrypt's own B64 as a viable option. This change would be relatively simple, no? I created a simple function inside Bcrypt and everything works normally but it wouldn't be a viable option for everyone, turns this easy access would be great!

junque1r4 commented 1 year ago

As I said, it's for education purposes! https://github.com/skills/secure-code-game/issues/18 Here the issue related if you want to see

alex commented 1 year ago

There's no public API for this, and we have no interest in adding one, because it doesn't contribute to the purpose of this library: providing modern(-ish) password hashing. While educational purposes are laudable, we have no interest in adding extra API surface for it.