Doubt about Null Byte in Bcrypt PHP

1

Well, I learned that PHP’s Bcrypt is vulnerable to Null Byte.

What tests do I have to do to see this vulnerability, and what are the consequences of it?

  • 1

    Well, as far as I know, no one will enter a null character in a password, so there’s a lot to worry about. If the person uses a null character in the password, it will be vulnerable to a "Dictionary Attack".

1 answer

3


Several PHP functions are (or have been) vulnerable to null bytes; one of the biggest problems was include(): PHP stopped at the null, which allowed the file extension to be ignored.


In the case of Bcrypt (I don’t know how Argon2i behaves in PHP), it will use the string only until it finds a null.

So:

<?php
// Hash created from a password that contains a null byte (see below)
$hash = '$2y$10$/nX1tLiwOsGWL4MhUjfEIOBKLV.Oa/uVy7rxqxih2SeNIkCk8doEW';

// Only the bytes before the null ("a") are compared
echo (int)password_verify("a", $hash);
echo PHP_EOL;

echo (int)password_verify("a\0bcde", $hash);
echo PHP_EOL;

echo (int)password_verify("a\0zzzzz", $hash);
echo PHP_EOL;

They all return 1, even though the passwords are different.


This is because the hash in question was created with a null, such that:

password_hash("a\0 Qualquer Coisa Aqui Será Ignorada", PASSWORD_DEFAULT)

This is the null-byte problem. In general it is not a big problem, since a password should be set using nulls, as far as I know. However, this will circumvent the minimum number of characters for a password, because a\0 Qualquer Coisa Aqui Será Ignorada will be more than 10 bytes, for example, but your password will only be 1 byte (a).


The solution to this is to pre-hash, but it should be encoded into a safe format; after all, the result of a SHA-2 hash, for example, can contain a null.

The other option might be to abandon Bcrypt; PHP has Libsodium, and I believe those functions (specifically sodium_crypto_pwhash_str) have no such problem.
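The two mitigations the answer describes (reject null bytes before they reach bcrypt, and pre-hash with a safe encoding) as an added example; this is not code from the answer above. The function names safe_password_hash and safe_password_verify and the cost of 12 are my own choices.

```php
<?php
// Added example: a wrapper around bcrypt that cannot be silently truncated.
// Defence 1: refuse any password containing a NUL byte, so bcrypt never sees
//            only the prefix before the NUL.
// Defence 2: pre-hash with SHA-256 and base64-encode the raw digest. The string
//            bcrypt receives is then 44 ASCII characters: it can never contain a
//            NUL (a raw digest could) and stays under bcrypt's 72-byte limit.

function prehash(string $password): string {
    // hash(..., true) returns raw bytes; base64 makes them NUL-free ASCII
    return base64_encode(hash('sha256', $password, true));
}

function safe_password_hash(string $password): string {
    if (strpos($password, "\0") !== false) {
        // Fail closed instead of letting bcrypt keep only the bytes before the NUL
        throw new InvalidArgumentException('password must not contain NUL bytes');
    }
    return password_hash(prehash($password), PASSWORD_BCRYPT, ['cost' => 12]);
}

function safe_password_verify(string $password, string $hash): bool {
    if (strpos($password, "\0") !== false) {
        // A NUL-containing candidate is rejected outright, never compared
        return false;
    }
    return password_verify(prehash($password), $hash);
}

// Demo with a constructed password. Minimum-length policy must be checked on
// the original input, before pre-hashing, since the pre-hashed string is
// always 44 characters long regardless of what the user typed.
$hash = safe_password_hash("a");
var_dump(safe_password_verify("a", $hash));        // the real password
var_dump(safe_password_verify("a\0bcde", $hash));  // rejected, not truncated to "a"
var_dump(safe_password_verify("ab", $hash));       // different password, different prehash
```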
