Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/bcrypt: new prefix #5814

Closed
gopherbot opened this issue Jun 29, 2013 · 5 comments
Closed

x/crypto/bcrypt: new prefix #5814

gopherbot opened this issue Jun 29, 2013 · 5 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Unreleased

Comments

@gopherbot
Copy link

by raul.san@sent.com:

In 2011, was discovered a bug related to the sign extension bug, so nex versions of
OpenBSD's bcrypt added support for the "$2y$" prefix (which guarantees correct
handling of both 7- and 8-bit characters as in OpenBSD's "$2a$") and a
countermeasure to avoid one-correct to many-buggy hash collisions with the
"$2a$" prefix.

http://www.openwall.com/lists/announce/2011/07/17/1

I don't know whether the Go code also has this issue. But in whatever case it should
also support the "$2ay$" prefix.
@bradfitz
Copy link
Contributor

Comment 1:

Status changed to Accepted.

@rsc
Copy link
Contributor

rsc commented Nov 27, 2013

Comment 2:

Labels changed: added go1.3maybe.

@rsc
Copy link
Contributor

rsc commented Dec 4, 2013

Comment 3:

Labels changed: added release-none, removed go1.3maybe.

@rsc
Copy link
Contributor

rsc commented Dec 4, 2013

Comment 4:

Labels changed: added repo-crypto.

@mikioh mikioh changed the title go.crypto: new prefix in bcrypt bcrypt: new prefix Jan 7, 2015
@rsc rsc added this to the Unplanned milestone Apr 10, 2015
@rsc rsc changed the title bcrypt: new prefix x/crypto/bcrypt: new prefix Apr 14, 2015
@rsc rsc modified the milestones: Unreleased, Unplanned Apr 14, 2015
@rsc rsc removed the repo-crypto label Apr 14, 2015
@stevvooe stevvooe mentioned this issue Jun 3, 2015
Closed
@mdp
Copy link

mdp commented Aug 31, 2018

Golang's bcrypt doesn't distinguish between minor versions ("a","b","y", or any other single letter), just the major version (https://github.com/golang/crypto/blob/master/bcrypt/bcrypt.go#L260)

It happily treats all of them the same. It's probably safe to close this ticket.

@ALTree ALTree added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Jul 1, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
6 participants
@bradfitz @mdp @rsc @ALTree @gopherbot @seankhliao