[openssl-dev] Maximum length of passwords

[openssl-dev] Maximum length of passwords

Jakob Kramer
Hello,

In the apps `pkcs8', `passwd', `enc' and `pkcs12' there are hard-coded
maximum lengths for passwords given:


(all of the following examples will use the respective char * as buffer
for `EVP_read_pw_string')

pkcs8.c:
>  86         char pass[50], /* ... */;


enc.c:
>  78 #define SIZE    (512)
> ...
> 106         char *strbuf=NULL;
> ...
> 374         strbuf=OPENSSL_malloc(SIZE);


pkcs12.c:
> 106     char /* ... */, macpass[50];


passwd.c:

>  66         char /* ... */, *passwd = NULL, /* ... */;
>  67         char /* ... */, *passwd_malloc = NULL;
>  68         size_t passwd_malloc_size = 0;
> ...
>  74         size_t pw_maxlen = 0;
> ...
> 209         if (usecrypt)
> 210                 pw_maxlen = 8;
> 211         else if (use1 || useapr1)
> 212                 pw_maxlen = 256; /* arbitrary limit, should be
>                                         enough for most passwords */
> ...
> 218                 passwd_malloc_size = pw_maxlen + 2;
> 219                 /* longer than necessary so that we can warn
>                         about truncation */
> 220                 passwd = passwd_malloc =
>                     OPENSSL_malloc(passwd_malloc_size);


Only `passwd' warns if a password was truncated; the other programs do
not even check whether it was truncated.

There should either be a function that automatically allocates enough
memory to put the whole password in it (openssh does it this way, see
read_passphrase from openssh/readpass.c), or a compile-time flag that
sets the PASS_MAXLEN.

Either way every `app' should check whether the whole password was read
and not silently truncate the password, and all apps should behave
consistently.

I would like to hear which approach you would choose, malloc or PASS_MAXLEN.

Regards,
Jakob Kramer
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
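The check the message asks for, as an added example (my code, not OpenSSL's and not the poster's): a fixed-buffer reader in the PASS_MAXLEN style that refuses an over-long line instead of keeping its first bufsize-1 bytes, beside a growing-buffer reader in the style of openssh's read_passphrase that still enforces an explicit ceiling. Both read one line from a FILE* rather than calling EVP_read_pw_string, so terminal handling (echo off, the verify prompt) is out of scope; the function names, the PW_* status codes and the constructed input stream made by pw_input_from_string are assumptions for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Status codes of the two hypothetical readers below (not OpenSSL names). */
enum { PW_TOO_LONG = -1, PW_IOERR = -2, PW_NOMEM = -3 };

/* Wipe through a volatile pointer so the store is not elided as dead. */
static void pw_wipe(char *p, size_t n)
{
    volatile char *v = p;
    while (n--)
        *v++ = 0;
}

/* Consume the rest of the line so the unread tail of a rejected password
 * is not handed to whatever reads the stream next (e.g. a verify prompt). */
static void pw_drain_line(FILE *fp)
{
    int c;
    while ((c = getc(fp)) != EOF && c != '\n')
        ;
}

/* PASS_MAXLEN-style reader: one line into a caller-supplied buffer, newline
 * stripped. Returns the length, or PW_TOO_LONG (buffer wiped, line drained)
 * when the password does not fit, instead of silently truncating it. */
int read_pw_bounded(FILE *fp, char *buf, size_t bufsize)
{
    size_t len;
    int next;

    if (bufsize < 2 || fgets(buf, (int)bufsize, fp) == NULL)
        return PW_IOERR;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';
        return (int)len;
    }
    /* No newline seen: the line ended exactly at the buffer boundary or it
     * is longer than the buffer. One more byte tells the two apart. */
    next = getc(fp);
    if (next == EOF || next == '\n')
        return (int)len;
    pw_drain_line(fp);
    pw_wipe(buf, bufsize);
    return PW_TOO_LONG;
}

/* openssh-style growing reader with an explicit ceiling (maxlen), so "no
 * fixed buffer" does not become "unbounded allocation from the input". On
 * success *out is a malloc'ed NUL-terminated string the caller must wipe
 * and free; over-long input is refused with PW_TOO_LONG, never truncated. */
int read_pw_alloc(FILE *fp, size_t maxlen, char **out)
{
    size_t cap = 64, len = 0;
    char *buf = malloc(cap), *nbuf;
    int c;

    *out = NULL;
    if (buf == NULL)
        return PW_NOMEM;
    while ((c = getc(fp)) != EOF && c != '\n') {
        if (len == maxlen) {            /* one byte over the ceiling: refuse */
            pw_drain_line(fp);
            pw_wipe(buf, cap);
            free(buf);
            return PW_TOO_LONG;
        }
        if (len + 1 == cap) {           /* keep room for the terminating NUL */
            if ((nbuf = malloc(cap * 2)) == NULL) {
                pw_wipe(buf, cap);
                free(buf);
                return PW_NOMEM;
            }
            memcpy(nbuf, buf, len);
            pw_wipe(buf, cap);          /* realloc() could leave a stale copy */
            free(buf);
            buf = nbuf;
            cap *= 2;
        }
        buf[len++] = (char)c;
    }
    if (c == EOF && len == 0) {         /* nothing read at all */
        free(buf);
        return PW_IOERR;
    }
    buf[len] = '\0';
    *out = buf;
    return (int)len;
}

/* Constructed stand-in for the terminal: a seekable stream holding s. */
FILE *pw_input_from_string(const char *s)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return NULL;
    fputs(s, fp);
    rewind(fp);
    return fp;
}
```

The peek in read_pw_bounded is the same idea as passwd.c's `pw_maxlen + 2` allocation: one byte of slack to learn whether the line really ended where the buffer does, without which truncation is invisible to the caller. Draining the rejected line matters for the apps that prompt twice, since otherwise the tail of the over-long password becomes the "verify" answer.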
Re: [openssl-dev] Maximum length of passwords

Hubert Kario
----- Original Message -----

> From: "Jakob Kramer" <[hidden email]>
> To: [hidden email]
> Sent: Friday, 11 April, 2014 3:01:42 PM
> Subject: [openssl-dev] Maximum length of passwords
>
> There should either be a function that automatically allocates enough
> memory to put the whole password in it (openssh does it this way, see
> read_passphrase from openssh/readpass.c), or a compile-time flag that
> sets the PASS_MAXLEN.
>
> Either way every `app' should check whether the whole password was read
> and not silently truncate the password, and all apps should behave
> consistently.
>
> I would like to hear which approach you would choose, malloc or PASS_MAXLEN.

128 characters allow you to hex-encode 512 bits of data (e.g. from sha512sum).

Assuming 8-character words from a 2048-word dictionary gives you
176-bit entropy for the same 128 characters.

So, PASS_MAXLEN of 256 characters should be enough for anybody and of 128 for
most environments. It still should refuse to accept longer passwords and not
silently truncate....

As such, I think both solutions are acceptable.
The static buffer implementation should be simpler, so should have lower
probability of bugs in it.

--
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Email: [hidden email]
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
Re: [openssl-dev] Maximum length of passwords

Douglas E Engert

On 4/11/2014 8:51 AM, Hubert Kario wrote:

> ----- Original Message -----
>> From: "Jakob Kramer" <[hidden email]>
>> To: [hidden email]
>> Sent: Friday, 11 April, 2014 3:01:42 PM
>> Subject: [openssl-dev] Maximum length of passwords
>>
>> There should either be a function that automatically allocates enough
>> memory to put the whole password in it (openssh does it this way, see
>> read_passphrase from openssh/readpass.c), or a compile-time flag that
>> sets the PASS_MAXLEN.
>>
>> Either way every `app' should check whether the whole password was read
>> and not silently truncate the password, and all apps should behave
>> consistently.
>>
>> I would like to hear which approach you would choose, malloc or PASS_MAXLEN.
> 128 characters allows you to hex encode 512 bits of data (e.g. from sha512sum)
>
> assuming 8 character words from 2048 word dictionary gives you
> 176 bit entropy for the same 128 characters.
>
> So, PASS_MAXLEN of 256 characters should be enough for anybody

Maybe not. Some smart cards are looking at accepting a fingerprint scan as a PIN. The card then does the match.
In some apps this might be passed in as a password then passed to an engine to be passed in as a PIN.
(How the card detects a replay is up to the card.)

>   and of 128 for
> most environments. It still should refuse to accept longer passwords and not
> silently truncate....
I agree. No silent truncation.

>
> As such, I think both solutions are acceptable.
> The static buffer implementation should be simpler, so should have lower
> probability of bugs in it.
>

--

  Douglas E. Engert  <[hidden email]>
 
