Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/bcrypt: new prefix #5814

Open
gopherbot opened this issue Jun 29, 2013 · 5 comments
Open

x/crypto/bcrypt: new prefix #5814

gopherbot opened this issue Jun 29, 2013 · 5 comments

Comments

@gopherbot
Copy link

@gopherbot gopherbot commented Jun 29, 2013

by raul.san@sent.com:

In 2011, was discovered a bug related to the sign extension bug, so nex versions of
OpenBSD's bcrypt added support for the "$2y$" prefix (which guarantees correct
handling of both 7- and 8-bit characters as in OpenBSD's "$2a$") and a
countermeasure to avoid one-correct to many-buggy hash collisions with the
"$2a$" prefix.

http://www.openwall.com/lists/announce/2011/07/17/1

I don't know whether the Go code also has this issue. But in whatever case it should
also support the "$2ay$" prefix.
@bradfitz
Copy link
Contributor

@bradfitz bradfitz commented Jul 23, 2013

Comment 1:

Status changed to Accepted.

Loading

@rsc
Copy link
Contributor

@rsc rsc commented Nov 27, 2013

Comment 2:

Labels changed: added go1.3maybe.

Loading

@rsc
Copy link
Contributor

@rsc rsc commented Dec 4, 2013

Comment 3:

Labels changed: added release-none, removed go1.3maybe.

Loading

@rsc
Copy link
Contributor

@rsc rsc commented Dec 4, 2013

Comment 4:

Labels changed: added repo-crypto.

Loading

@mikioh mikioh changed the title go.crypto: new prefix in bcrypt bcrypt: new prefix Jan 7, 2015
@rsc rsc added this to the Unplanned milestone Apr 10, 2015
@rsc rsc changed the title bcrypt: new prefix x/crypto/bcrypt: new prefix Apr 14, 2015
@rsc rsc added this to the Unreleased milestone Apr 14, 2015
@rsc rsc removed this from the Unplanned milestone Apr 14, 2015
@rsc rsc removed the repo-crypto label Apr 14, 2015
@mdp
Copy link

@mdp mdp commented Aug 31, 2018

Golang's bcrypt doesn't distinguish between minor versions ("a","b","y", or any other single letter), just the major version (https://github.com/golang/crypto/blob/master/bcrypt/bcrypt.go#L260)

It happily treats all of them the same. It's probably safe to close this ticket.

Loading

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants