Topic: Login issues - crypt() behaves differently on different PHP versions (??)


scalior

  • Global Moderator
  • Native
  • *****
  • Posts: 106
  • Serve customers on mobile. Get Wurrd for Mibew app
    • Wurrd for Mibew
Hi guys,

This seems to be an extension of this thread http://mibew.org/forums/index.php/topic,191525.0.html

I installed Mibew 1.6.9 on my server hosted on Hostgator a while ago and everything worked just fine. I upgraded to 1.6.10, and that was also fine. I received a notice from Hostgator that they were going to upgrade the PHP installation on their servers. After the upgrade, I can no longer log in using my username and password.

I have tracked down the issue to the use of the crypt() function in calculate_password_hash() of libs/operator.php. The behavior of the crypt function changed with the PHP upgrade. Specifically, before the upgrade, the crypt() function would take a salt that is less than 22 characters and pad it with $$$$ to get it up to 22 characters. With the new setup, if the salt is less than 22 characters, it returns '*0', which in the calculate_password_hash() logic will default to MD5. The reason I can't log in is that it is comparing the Blowfish hash from before to the MD5 hash now.

I have another server that pads a short salt when using the crypt function. I put together a script to test the behavior on both servers, and my results are below. The script is attached.

My question to the Mibew devs: is it correct usage of crypt() to assume that it will do the padding? If not, then the logic in calculate_password_hash() should take care of padding or truncating the login to 22 chars.

Eyong


========================================================
PHP_VERSION_ID = 50513
CRYPT_BLOWFISH = 1
CRYPT_MD5 = 1

Testing crypt() functions...
Blowfish hashes
crypt(dumb_password, $2y$08$lessthan22) = *0         <---- No automatic padding, error result
crypt(dumb_password, $2a$08$lessthan22) = *0         <---- No automatic padding, error result


MD5 hash
crypt(dumb_password, $1$lessthan22) = $1$lessthan$eA/WAfDovhEkcObRrTIp4/

Blowfish hashes
crypt(dumb_password, $2y$08$22exacltytwentytwochar) = $2y$08$22exacltytwentytwochaeJBqe6eLBO8vNU4NXoOEFmRGwKCEueUO
crypt(dumb_password, $2a$08$22exacltytwentytwochar) = $2a$08$22exacltytwentytwochaeJBqe6eLBO8vNU4NXoOEFmRGwKCEueUO

MD5 hash
crypt(dumb_password, $1$22exacltytwentytwochar) = $1$22exaclt$vruhg8twySmse2TpsuWth.

=============================================================================
PHP_VERSION_ID = 50410
CRYPT_BLOWFISH = 1
CRYPT_MD5 = 1

Testing crypt() functions...
Blowfish hashes
crypt(dumb_password, $2y$08$lessthan22) = $2y$08$lessthan22$$$$$$$$$$$.0qxTgMIOECtmZ30vig9MHwyMjHgNMWC
crypt(dumb_password, $2a$08$lessthan22) = $2a$08$lessthan22$$$$$$$$$$$.0qxTgMIOECtmZ30vig9MHwyMjHgNMWC


MD5 hash
crypt(dumb_password, $1$lessthan22) = $1$lessthan$eA/WAfDovhEkcObRrTIp4/

Blowfish hashes
crypt(dumb_password, $2y$08$22exacltytwentytwochar) = $2y$08$22exacltytwentytwochaeJBqe6eLBO8vNU4NXoOEFmRGwKCEueUO
crypt(dumb_password, $2a$08$22exacltytwentytwochar) = $2a$08$22exacltytwentytwochaeJBqe6eLBO8vNU4NXoOEFmRGwKCEueUO

MD5 hash
crypt(dumb_password, $1$22exacltytwentytwochar) = $1$22exaclt$vruhg8twySmse2TpsuWth.

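As an added example (not Mibew's code and not the attached test script), here is how a calculate_password_hash()-style routine can generate a spec-conformant bcrypt setting string, repair a questionable one, and refuse crypt()'s failure markers outright, so that neither behaviour observed above can silently turn a Blowfish hash into an MD5 one. One fact worth keeping in mind: '$' is not in bcrypt's 64-symbol salt alphabet, so the "$$$$"-padded salt the older environment accepted is outside the spec, whatever crypt() happens to do with it. Function names are my own and PHP >= 7.0 (for random_bytes) with CRYPT_BLOWFISH available is assumed.

```php
<?php
// Added example, not Mibew's code: generate a well-formed bcrypt setting,
// normalise a questionable one, and treat crypt()'s "*0" result as an error
// rather than a cue to fall back to MD5.
// Assumptions: PHP >= 7.0 (random_bytes), CRYPT_BLOWFISH available.

// bcrypt's own 64-symbol alphabet; '$' is deliberately not part of it.
const BCRYPT_ALPHABET = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
const BCRYPT_SALT_LEN = 22;   // 22 x 6 bits = 132 bits, of which 128 are used
const BCRYPT_HASH_LEN = 60;   // "$2y$NN$" + 22-char salt + 31-char digest

// Build "$2y$NN$<22 random alphabet chars>" from a CSPRNG.
function bcrypt_setting(int $cost = 8): string
{
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException("bcrypt cost must be 4..31, got $cost");
    }
    $salt = '';
    foreach (str_split(random_bytes(BCRYPT_SALT_LEN)) as $byte) {
        $salt .= BCRYPT_ALPHABET[ord($byte) & 0x3f];   // 256 % 64 == 0, so uniform
    }
    return sprintf('$2y$%02d$%s', $cost, $salt);
}

// Force the salt part of an existing setting to exactly 22 alphabet
// characters: pad short salts with '.', truncate long ones, and replace
// anything outside the alphabet with '.'. This is the padding/truncation the
// post asks calculate_password_hash() to perform itself instead of trusting crypt().
function normalize_bcrypt_setting(string $setting): string
{
    if (!preg_match('/^\$2([abxy])\$(\d{2})\$(.*)$/s', $setting, $m)) {
        throw new InvalidArgumentException('not a bcrypt setting string');
    }
    $salt = preg_replace('/[^.\/A-Za-z0-9]/', '.', $m[3]);
    $salt = str_pad(substr($salt, 0, BCRYPT_SALT_LEN), BCRYPT_SALT_LEN, '.');
    return sprintf('$2%s$%s$%s', $m[1], $m[2], $salt);
}

// Hash and verify that crypt() really produced a bcrypt string. On a rejected
// setting crypt() returns "*0" (or "*1"), which must never be stored or
// silently reinterpreted as "use another algorithm".
function bcrypt_hash(string $password, string $setting): string
{
    $hash = crypt($password, $setting);
    if (strlen($hash) !== BCRYPT_HASH_LEN || $hash[0] === '*' || substr($hash, 0, 2) !== '$2') {
        throw new RuntimeException('crypt() did not produce a bcrypt hash for setting ' . $setting);
    }
    return $hash;
}

// The stored hash doubles as the setting string: crypt() reads the variant,
// cost and salt from it. hash_equals() keeps the comparison constant-time.
function bcrypt_verify(string $password, string $stored): bool
{
    return hash_equals($stored, crypt($password, $stored));
}

// Usage: fresh hash, verification, and repair of the short salt from the post.
$setting = bcrypt_setting(8);
$hash    = bcrypt_hash('dumb_password', $setting);
var_dump(bcrypt_verify('dumb_password', $hash));
var_dump(bcrypt_verify('wrong_password', $hash));
echo normalize_bcrypt_setting('$2y$08$lessthan22'), "\n";
echo bcrypt_hash('dumb_password', normalize_bcrypt_setting('$2y$08$lessthan22')), "\n";
```

Normalising a salt is only useful when re-hashing a password you still have in plaintext (at login or password reset); hashes already stored under the padded salt cannot be converted, which is why the thread ends with regenerating all hashes. On PHP 5.5 and later, password_hash() and password_verify() generate and check a correct bcrypt salt themselves and are the simpler choice for new code.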

faf

  • Mibew Staff Member
  • Native
  • *****
  • Posts: 950
    • Mibew Messenger
Well... The official PHP manual doesn't describe the situation with Blowfish and a salt whose length is less than 128 bits.

We haven't had any trouble with that on our development sites. Though, we don't use the latest version of PHP.

I've seen empirical evidence of both types of PHP behavior regardless of its version:


So, I think that one can draw the following conclusions:

  • It looks like the symptoms you see are related not to a version of PHP but to the hosting environment itself.
  • You can use the 'forgot your password' feature to recalculate the hashes in your new hosting environment. This will cure the symptoms.
  • We'll rewrite the calculate_password_hash() function to make it more reliable.

scalior

Hello Fedor,

Thanks for looking into this. My testing also confirms that it doesn't depend on the version of PHP but on the environment. On the same Hostgator server, I saw it misbehaving with PHP 5.3, but I couldn't find that instance when I was posting the message. My thinking was that there was a strict mode flag on the crypt module, but I see no evidence of that in my PHP info dump, and no such thing in the threads you pointed out. Well, if you ever find out why the difference exists, please share.

Thanks,

Eyong

faf

Hi, Eyong!

Please, test this version of libs/operator.php:
https://raw.githubusercontent.com/Mibew/mibew/fc25f35655c425f15f09f5e1ecbb1cb6d815cb40/src/mibew/libs/operator.php

Of course, you'll have to regenerate all password hashes once again. But this version (probably) should work with Blowfish on any system.  :)

scalior

Hi Fedor,

This new code is stable across my servers. Thanks for the quick fix.

Eyong

faf

Great! Looks like soon we'll release another stable version of Mibew Messenger 1.6.  ;)