Author Topic: Password crypt unsafe  (Read 2193 times)
GodFarmer
Re:Password crypt unsafe
« Reply #15 on: December 29, 2002, 01:53:49 AM »

Quote from: [Unknown] on December 28, 2002, 07:25:09 PM
This issue is perhaps a problem, and I'm sure (I think) that it will be looked at in the creation of YaBBSE 2.  However, I think it's not so critical as to warrant change in the current release (imho).  If you want anything done about it, persuade someone (like me, just ask) to make a mod for it.

I appreciate the offer, but the modifications are extremely simple. If you really need to have it spelt out in a mod though:

http://www.yabbse.org/community/index.php?board=158;action=display;threadid=16518

On my system, this manages a smooth transition to MD5 for newly stored passwords while retaining backwards compatibility with previously stored passwords.

Regards, Bruno.
David
Re:Password crypt unsafe
« Reply #16 on: December 29, 2002, 02:03:19 AM »

I still don't think you get what I said.  It uses, as you said, a RANDOM salt.  This salt is different every time you call crypt.  Thus how would you ever compare an entered password and the one in the database?
GodFarmer
Re:Password crypt unsafe
« Reply #17 on: December 29, 2002, 02:16:29 AM »

Quote from: David on December 29, 2002, 02:03:19 AM
I still don't think you get what I said.  It uses, as you said, a RANDOM salt.  This salt is different every time you call crypt.  Thus how would you ever compare an entered password and the one in the database?

The random salt is included in the crypted form of the password. Therefore, you must provide the crypted form (or at least the salt extracted from the crypted form) upon crypting the user input. This way the user input can be crypted with the same salt that was previously used.

For example with DES, the salt is included as the first two characters of the encrypted form. [That's why with the old scheme, every encrypted password started with the same two characters as the clear password: because those characters were used as salt]

This works, my mod's there to prove it! For more info, check any documentation on the standard crypt function...

Regards, Bruno.
GodFarmer
Re:Password crypt unsafe
« Reply #18 on: December 29, 2002, 02:44:12 AM »

David, to continue kervel's example...

Storing the password:
random() -> 'bl'
crypt('secret','bl') -> blRZeRor8Mgr2

Storing the same password:
random() -> 'ar'
crypt('secret','ar') -> arxbmSLDgaJk.

Verifying user input 'lala' against encrypted password blRZeRor8Mgr2:
extract first two characters from blRZeRor8Mgr2 -> bl
crypt('lala','bl') -> blXH3v2KIh5Y. != blRZeRor8Mgr2 so reject login!

Verifying user input 'lala' against encrypted password arxbmSLDgaJk.:
extract first two characters from arxbmSLDgaJk. -> ar
crypt('lala','ar') -> arxY7QuUWe2sI != arxbmSLDgaJk. so reject login!

Verifying user input 'secret' against encrypted password blRZeRor8Mgr2:
extract first two characters from blRZeRor8Mgr2 -> bl
crypt('secret', 'bl') -> blRZeRor8Mgr2 == blRZeRor8Mgr2 so accept login!

Verifying user input 'secret' against encrypted password arxbmSLDgaJk.:
extract first two characters from arxbmSLDgaJk. -> ar
crypt('secret','ar') -> arxbmSLDgaJk. == arxbmSLDgaJk. so accept login!

Regards, Bruno.
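The salt-in-the-stored-form scheme Bruno walks through above, as an added example that is not code from the thread or from YaBB SE: MD5 stands in for DES crypt, the old scheme's password-derived salt sits beside the random-salt version, and login() rehashes an old-scheme entry after a successful check, as the transition described in Reply #15 would. The field widths (2-character and 8-character salt prefixes) are this example's own assumptions.

```python
"""Salted password storage with the salt kept as a fixed-width prefix of
the stored string, so verification can reuse it. Added example; MD5
stands in for the platform crypt() and the layouts are not YaBB SE's."""
import hashlib
import hmac
import secrets

OLD_SALT_LEN = 2   # old scheme: salt = first two characters of the password itself
NEW_SALT_LEN = 8   # new scheme: random salt, 8 hex characters
DIGEST_LEN = 32    # hex length of an MD5 digest


def _hash(salt: str, password: str) -> str:
    """Stored form = salt || hex(MD5(salt || password)), salt first as in DES crypt."""
    return salt + hashlib.md5((salt + password).encode("utf-8")).hexdigest()


def store_old(password: str) -> str:
    """The weak variant from the thread: the salt comes from the password, so the
    stored string begins with the first two characters of the cleartext."""
    return _hash(password[:OLD_SALT_LEN], password)


def store_new(password: str) -> str:
    """Random salt: storing the same password twice yields two different strings."""
    return _hash(secrets.token_hex(NEW_SALT_LEN // 2), password)


def verify(password: str, stored: str) -> bool:
    """Take the salt from the stored form, re-derive, and compare in constant time."""
    salt_len = len(stored) - DIGEST_LEN
    if salt_len not in (OLD_SALT_LEN, NEW_SALT_LEN):
        return False   # unrecognised layout, never accept
    return hmac.compare_digest(_hash(stored[:salt_len], password), stored)


def login(password: str, stored: str):
    """Returns (accepted, replacement). A successful login against an old-scheme
    entry also returns a fresh random-salt entry to write back to the database."""
    if not verify(password, stored):
        return False, None
    if len(stored) - DIGEST_LEN == OLD_SALT_LEN:
        return True, store_new(password)
    return True, None
```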