
(ITS#8878) PBKDF2 Is Broken (1 in 64 hashes)



Full_Name: Jon Roose
Version: HEAD
OS: Linux
URL: 
Submission from: (NULL) (68.134.180.197)


The b64_to_ab64 function within the pbkdf2 password module is incorrect.

When str[0] == '+' this function fails to convert that first character to a '.'

The file in question is here: contrib/slapd-modules/passwd/pbkdf2/pw-pbkdf2.c
and occurs at line 62 in the current version of the file.

This occurs because when you write while (*p++), it changes the pointer and
skips over the first character of str.

This needs to be replaced with a for loop such as:
for(char* p = str; *p; p++)

This is a significant bug in this module, because it causes the hash algorithm
to fail to be replicable by outside hash implementations 1 out of every 64
hashes on average.
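
The skipped first character described in the report, as an added example that is not part of the original message and is not the OpenLDAP source. Both functions are constructed models (hypothetical names) of the `while (*p++)` loop and the proposed `for` loop, and the driver counts how many of the 64 possible base64 first characters make the two disagree.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the loop shape the report describes: the loop test
 * advances the pointer, so the body never examines str[0]. */
static void b64_to_ab64_reported(char *str)
{
    char *p = str;
    while (*p++) {
        if (*p == '+')
            *p = '.';
    }
}

/* Loop in the form the report proposes: every character is examined. */
static void b64_to_ab64_proposed(char *str)
{
    for (char *p = str; *p; p++) {
        if (*p == '+')
            *p = '.';
    }
}

/* Try each of the 64 base64 characters in position 0, keep the tail fixed,
 * and count how many inputs the two conversions encode differently. */
static int count_first_char_mismatches(void)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    int mismatches = 0;
    for (size_t i = 0; i < 64; i++) {
        char a[16], b[16];
        /* Constructed sample: variable first char, fixed tail with a '+'. */
        snprintf(a, sizeof a, "%cab+cd/ef", alphabet[i]);
        memcpy(b, a, sizeof a);
        b64_to_ab64_reported(a);
        b64_to_ab64_proposed(b);
        if (strcmp(a, b) != 0)
            mismatches++;
    }
    return mismatches;
}

int main(void)
{
    printf("first characters that diverge: %d of 64\n",
           count_first_char_mismatches());
    return 0;
}
```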