76881580cd9c30681aa65b228e0757c0515bbaa5_(Bug_35961).patch
Authored By: bzimport, Nov 22 2014, 12:18 AM (UTC+0)
Size: 1 KB
commit 76881580cd9c30681aa65b228e0757c0515bbaa5
Author: Platonides <platonides@gmail.com>
Date: Fri Apr 13 22:37:33 2012 +0200
(bug 35961) If your salted password ends up being completely numeric when
represented in hexadecimal (less than 1 password per 10 million),
it is also possible to log in by providing another password that only
matches the first 9 bytes (instead of the full 16 ones) if it turns out
to also be completely numeric with your assigned salt (which is completely unknown).
The odds of finding an equivalent password with such characteristics, over a double md5
with an unknown salt, are really low. Even if the attacker broke into the servers and
robbed the salts, making use of this property would require a preimage attack of a partial
md5 (2^18) with the output of another md5 hash, for which a full preimage would still be
needed. Breaking the hashes using conventional attacks would be easier, so this is not
a critical update.
Change-Id: I8d1153fb91ca6507bd1df91e9953561f74f12ef6
diff --git a/includes/User.php b/includes/User.php
index af923ff..d3332fd 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -3924,7 +3924,7 @@ class User {
} elseif ( $type == ':B:' ) {
# Salted
list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
- return md5( $salt.'-'.md5( $password ) ) == $realHash;
+ return md5( $salt.'-'.md5( $password ) ) === $realHash;
} else {
# Old-style
return self::oldCrypt( $password, $userId ) === $hash;
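Review bot: Strict comparison is required on the changed line, not merely preferred: PHP's `==` converts two numeric-looking strings to numbers before comparing, so two distinct hex digests that both happen to be numeric (all digits, or of the `0e` followed by digits form that evaluates to 0) compare as equal, which is exactly the weakening the commit message describes; `===` compares the bytes and closes that path. It also makes this `:B:` branch consistent with the `===` the old-style branch below already uses. Suggest adding a one-line comment above the `return` stating that strict comparison is deliberate, so a later style cleanup does not revert it, and a regression test that feeds two digests which are `==`-equal but `===`-different and asserts the check fails.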
Attached To: T37961: Password hash weakening under special circumstances