76881580cd9c30681aa65b228e0757c0515bbaa5_(Bug_35961).patch
Public
Actions

Authored By

	• bzimport
	Nov 22 2014, 12:18 AM

Size

1 KB

Referenced Files

None

Subscribers

None

76881580cd9c30681aa65b228e0757c0515bbaa5_(Bug_35961).patch
View Options

	commit 76881580cd9c30681aa65b228e0757c0515bbaa5
	Author: Platonides <platonides@gmail.com>
	Date: Fri Apr 13 22:37:33 2012 +0200

	(bug 35961) If your salted password end up being completely numeric when
	represented in hexadecimal (less than 1 password per 10 millions),
	it is also possible to login by providing another password that only
	matches the first 9 bytes (instead of the full 16 ones) if it turns out
	to also be completely numeric with your assigned salt (which is completely unknown).
	The odds of finding an equivalent password with such characteristics, over a double md5
	with an unknown salt, are really low. Even if the attacker broke into the servers and
	robbed the salts, making use of this property would require a preimage attack of a partial
	md5 (2^18) with the output of another md5 hash, for which a full preimage would still be
	needed. Breaking the hashes using conventional attacks would be easier, so this is not
	a critical update.

	Change-Id: I8d1153fb91ca6507bd1df91e9953561f74f12ef6

	diff --git a/includes/User.php b/includes/User.php
	index af923ff..d3332fd 100644
	--- a/includes/User.php
	+++ b/includes/User.php
	@@ -3924,7 +3924,7 @@ class User {
	} elseif ( $type == ':B:' ) {
	# Salted
	list( $salt, $realHash ) = explode( ':', substr( $hash, 3 ), 2 );
	- return md5( $salt.'-'.md5( $password ) ) == $realHash;
	+ return md5( $salt.'-'.md5( $password ) ) === $realHash;
	} else {
	# Old-style
	return self::oldCrypt( $password, $userId ) === $hash;

Mime Type: text/x-diff
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 8651
Default Alt Text: 76881580cd9c30681aa65b228e0757c0515bbaa5_(Bug_35961).patch (1 KB)