New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proposal: x/crypto/bcrypt: allow external salt #18737
Comments
Sorry for being a bit dense and sclerotic, but I have a dim recollection
that one of the motives behind bcrypt was to reduce salt collisions and the
success of dictionary attacks. Why would you want to expose such
information and thus weaken the hash?
…On 21 January 2017 at 08:32, cruxic ***@***.***> wrote:
x/crypto/bcrypt does not allow you to specify the salt used with
GenerateFromPassword(). Many other bcrypt libraries allow this. I find
myself needing it now.
I propose to add a new function GenerateFromPasswordAndSalt(password,
rawSalt []byte, cost int). There would also be a new a new constant, RawSaltSize
= 16. The function will fail if salt is any other length. This would be
simple to implement could and I would be happy to do the work.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#18737>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AEAf7GCYxLxq_-qK2fL00705f8zbFsVrks5rUbSdgaJpZM4Lp_oE>
.
|
I agree that, for most developers, salt from crypto/rand is the best choice and this bcrypt implemenation saves the developer from having to think about it. However, there are use-cases for externally provided salt so why not support it? All other KDF packages in x/crypto take salt as a parameter (pbkdf2, hkdf, scrypt). So does github.com/magical/argon2. Why not bcrypt too? Perhaps, for consistency with those packages the new function should be called |
@cruxic, @rhedile asked why you want this, and you didn't answer. You've said:
and
Again, why? What are the use cases? If they are not particularly common, you always have the option of making a local copy of bcrypt. |
Here are some use-cases:
|
I do not consider myself an expert but know enough to hear alarm bells ringing. I personally feel you should review exactly how a "rainbow table" attack can be used to compromise the hash by attacking the salt to compromise the key. Please note that the Go implementation of bcrypt uses a fixed string for its IV. This is correct and acceptable. I am not convinced that using pseudorandom numbers as IV in block ciphers adds anything. I cannot speak for others, but I use Go bcrypt in Identity Management and judged the implementation competent and "safe" years ago. I would not like to be continually reviewing the code to monitor changes to an experimental API which could weaken the Package. |
You may have misread my use-case 3? I suggested the IV be generated from crypto/rand, not a psuedo-random source. Judging by the responses so far there seems to be no will to support this usage. My need is admittiedly a corner case. I will continue using my patched version of x/crypto/bcrypt. |
x/crypto/bcrypt does not allow you to specify the salt used with GenerateFromPassword(). Many other bcrypt libraries allow this. I find myself needing it now.
I propose to add a new function
GenerateFromPasswordAndSalt(password, rawSalt []byte, cost int)
. There would also be a new a new constant,RawSaltSize = 16
. The function will fail if salt is any other length. This would be simple to implement and I would be happy to do the work.The text was updated successfully, but these errors were encountered: