Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

13-Year-Old Password Security Bug Fixed

timothy posted more than 3 years ago | from the not-13-year-old's dept.

Security 130

arglebargle_xiv writes "In a sign that many eyes don't really make (security) bugs shallow, a thirteen-year-old password-hashing bug that affects (at least) PHP, some Linux distros (Owl, ALT Linux, SUSE), and a variety of other apps has just been patched. This problem had been present in widely-used code since 1998 without anyone noticing it." Better late than never; reader Trailrunner7 points to this article outlining the dangers of old exploits, given old code for them to toy with.

cancel ×

130 comments

Sorry! There are no comments related to the filter you selected.

without anyone noticing it? (0)

Anonymous Coward | more than 3 years ago | (#36507512)

really doubt it...

Re:without anyone noticing it? (1)

Anonymous Coward | more than 3 years ago | (#36507670)

The 'shut up and submit a patch, bitch' excuse really sucks in the long term.

At least it was fixed (3, Interesting)

mangu (126918) | more than 3 years ago | (#36507520)

How many bugs are there in commercial software that we don't know?

What we do know is that there are many exploits for commercial software. The vendors claim that such exploits only exist because that software is more popular, but this does not explain why Apache doesn't have four times more exploits than IIS [netcraft.com]

Re:At least it was fixed (0)

Anonymous Coward | more than 3 years ago | (#36507672)

... the anti-Microsoft slashdot bias is certainly in full effect. One article about a long standing but minor flaw in a *nix and we instantly get "AT LEAST IT WAS FIXED UNLIKE MICROSOFT!!" comments...

Re:At least it was fixed (4, Insightful)

LordLucless (582312) | more than 3 years ago | (#36507714)

Uh-huh. Because "In a sign that many eyes don't really make (security) bugs shallow" is such an unbiased opening for the story.

Re:At least it was fixed (4, Insightful)

Anonymous Coward | more than 3 years ago | (#36507812)

And why is that not a reasonable opening for the summary?

Isn't the 13 year existence of a security bug in open source code a valid argument that open source does not really mean a product is more secure?

The correct answer for what makes a product secure: Proper coding practices combined with proper configuration.

IMO, Apache is certainly a better choice for a web server, but my opinion is not based on that fact that it is open source and instead based on the fact that it is actually more secure than IIS. Apache appears to be less often compromised, therefore I trust it more. However, if IIS one day holds the mantle of least compromised, then I will certainly consider it (I'm holding my breath though).

Re:At least it was fixed (4, Informative)

XanC (644172) | more than 3 years ago | (#36507874)

Isn't the 13 year existence of a security bug in open source code a valid argument that open source does not really mean a product is more secure?

No, it isn't. In order to reach that conclusion, you'd have to compare it against closed-source code. Do you really believe there aren't now and have never been bugs that old in the closed-source world?

Re:At least it was fixed (1, Interesting)

Anonymous Coward | more than 3 years ago | (#36508054)

Does it matter? Being open source is NOT what makes something secure. Following proper coding practices and being properly configured make a program secure. Open source *may* help a project follow better coding practices... or it may hinder a project by having too many chefs in the kitchen... hard to know.

But I do know that I'm not going to run some software merely because it is open source. I am going to run it because it has demonstrated security in the past.

In other words, I go with what has been proven more secure, based upon vulnerability disclosures and compromises, not based upon misplaced trust in strangers auditing open source code for me.

Re:At least it was fixed (1)

LordLucless (582312) | more than 3 years ago | (#36509544)

based upon vulnerability disclosures and compromises

So the more vulnerabilities the vendor hides, the more you are convinced to buy their software. Sounds like a plan!

Re:At least it was fixed (1)

Riceballsan (816702) | more than 3 years ago | (#36509606)

Well not necessarily, I don't completely agree with his point, but I can't disagree either. If the vendor succesfully hides the vulnerabilities until they are patched, then that is = to a bug in an open source product that wasn't noticed until it was patched. A security flaw in the wild does not go undisclosed completely. The vendor may deny it, but those effected may not (well some of them, it may vary). Fundamentalism is flawed in either direction. Apache is a great example of open source that has worked very well. While say Diaspora was released open source, and was riddled with so many security flaws it was deemed worse security wise then what it was trying to replace (especially sad considering the horrific trackrecord facebook has for security). Open source isn't a magic bullet that guarantees a turd can be changed to gold overnight. While I agree many open source projects have a good track record and a tendency to patch flaws at the "theoretical risk" stage, and many proprietary products tend to wait until systems are actually compromised to lift a finger. Not every proprietary program is flawed, nor every open source program flawless.

Re:At least it was fixed (1)

LordLucless (582312) | more than 3 years ago | (#36509730)

Well not necessarily, I don't completely agree with his point, but I can't disagree either. If the vendor succesfully hides the vulnerabilities until they are patched, then that is = to a bug in an open source product that wasn't noticed until it was patched

Well yes, that's entirely my point. Those bugs you don't know about until they're patched, so it's impossible to factor them into your consideration when evaluating a product. If you're looking at two products, an open source system with 100 open issues, and a closed source with 5, you cannot compare the two based on disclosed vulnerabilities - they're tracking different things. The open source metric is a representation of known bugs. The closed source metric is a representation of known bugs that the developer has chosen to disclose.

Nobody's trying to say open source is a panacea (except possibly the AC, to setup a straw man). What they're saying is that the fact there is an old bug in open source software, doesn't necessarily mean open source is inferior to closed - especially when there's no sure way of knowing about comparable bugs in closed source software.

Re:At least it was fixed (1)

tehcyder (746570) | more than 3 years ago | (#36510758)

What they're saying is that the fact there is an old bug in open source software, doesn't necessarily mean open source is inferior to closed - especially when there's no sure way of knowing about comparable bugs in closed source software.

No, but conversely it also doesn't necessarily mean that open source is superior to closed if you can't directly compare them.

Re:At least it was fixed (1)

LordLucless (582312) | more than 3 years ago | (#36511004)

Which is fine, since nobody was claiming that

Re:At least it was fixed (1)

tehcyder (746570) | more than 3 years ago | (#36510746)

Isn't the 13 year existence of a security bug in open source code a valid argument that open source does not really mean a product is more secure?

No, it isn't. In order to reach that conclusion, you'd have to compare it against closed-source code. Do you really believe there aren't now and have never been bugs that old in the closed-source world?

No, the usual pro-FOSS argument isn't "FOSS is more secure than closed source software because fewer bugs happen to have been found" it is "FOSS is more secure by definition, because of the many eyes thing."

Re:At least it was fixed (2)

LordLucless (582312) | more than 3 years ago | (#36508050)

Isn't the 13 year existence of a security bug in open source code a valid argument that open source does not really mean a product is more secure?

(Emphasis added)

Not unless you have some measurement of non open-source code against which you can compare. Which the OP pointed out . And you (or some other AC, can't really tell you guys apart) flamed him for.

Re:At least it was fixed (0)

Anonymous Coward | more than 3 years ago | (#36509804)

you meant to say, your not holding your breath though.

The meaning of the phrase is that you don't expect a change in the situation any time soon because you are certain you would expire before that happened.

off course it's not literal much as being run over by a car doesn't mean run over but hit by a car in most usages.
English idiom doesn't work that way much as you could say bill gates is rolling in money doesn't mean he actually rolls in money just he has a lot of it.

Of course I could be full of shit and talking bollocks but at least now you should understand what i just said :)

Re:At least it was fixed (1)

Gordonjcp (186804) | more than 3 years ago | (#36510492)

Isn't the 13 year existence of a security bug in open source code a valid argument that open source does not really mean a product is more secure?

It's not really insecure if there isn't a practicable exploit for it. This bug is more of a "sticky door" - annoying, but not really a big problem in day-to-day use.

Re:At least it was fixed (3, Insightful)

MobileTatsu-NJG (946591) | more than 3 years ago | (#36508402)

How many bugs are there in commercial software that we don't know?

Heh.

Monday:

"Really old bug finally patched in some popular Microsoft software!"

This shows how terrible proprietary software is!

Tuesday:

"Really old bug finally patched in some popular OSS!"

This shows how terrible proprietary software is!

Re:At least it was fixed (3, Interesting)

Requiem18th (742389) | more than 3 years ago | (#36508638)

In all fairness, software is only as secure as the culture behind it. Everybody using PHP knew of this bug for ages, just, nobody gave a damn. Except those who didn't know that also didn't give a damn.

PHP has never been crazy about security, what else do you expect from a runtime that once let you insert arbitrary variables into the script namespace?

The few people using PHP who care about security that much are using DIY password management anyway.

So then the real question is!!! (1)

EETech1 (1179269) | more than 3 years ago | (#36509632)

So then the real question is... When was it fixed in the "BSD's"???

Ducks:)

Re:So then the real question is!!! (1)

ifrag (984323) | more than 3 years ago | (#36510736)

Well, OpenBSD does have a custom branch of Apache =)

I think it's a fair point though, the BSDs seem more focused on being clean and correct, where Linux is more focused on extending functionality.

Re:At least it was fixed (0)

Anonymous Coward | more than 3 years ago | (#36510232)

"The few people using PHP who care about security that much are using DIY password management anyway."

So, no people who actually know what they're doing use PHP?

DIY password management is bad mojo. You think bugs like this are magically _less_ common in code that no-one has ever looked at much less reviewed?

Re:At least it was fixed (0)

Anonymous Coward | more than 3 years ago | (#36511354)

Ah, the astroturfing MS fanbois are at it again: user mangu's point was that the monocrop fallacy was an utterly broken one always brought up by intellectually dishonest astroturfing MS fanbois like you.

How comes Apache doesn't have four times more exploits than IIS despite having four times the market share?

We OSS can be pre-emptive too, seen the level of pre-emptiveness on every MS insecurity-related story cropping up (basically all the time) that all of you MS astroturfing fanbois display.

Sadly /. has become infested by high-level UID that keep on hating on OS X and Linux and it's really pathetic to see you MS astroturfing fanbois getting upvoted.

Re:At least it was fixed (-1)

Anonymous Coward | more than 3 years ago | (#36508502)

You are a turd.

Re:At least it was fixed (0)

Anonymous Coward | more than 3 years ago | (#36510068)

How many bugs are there in commercial software that we don't know?

We don't know.

Re:At least it was fixed (1)

tehcyder (746570) | more than 3 years ago | (#36510712)

How many bugs are there in commercial software that we don't know?

And how many bugs are there in FOSS software that we don't know? The answer "none, because many eyes..." does not sound so convincing now.

Not unprecedented (2, Interesting)

slimjim8094 (941042) | more than 3 years ago | (#36507524)

http://www.osnews.com/story/19731/The-25-Year-Old-UNIX-Bug [osnews.com]

These kinds of stories make me nervous, because I always assume that crackers know about these and are using them secretly.

Though this is obviously not a OSS issue. Were this Windows, it might not have been found at all.

Re:Not unprecedented (1, Funny)

martin-boundary (547041) | more than 3 years ago | (#36507598)

Exactly. In Windows, you'd simply be told to reboot frequently enough so the password bug doesn't get triggered :)

Re:Not unprecedented (1)

dudpixel (1429789) | more than 3 years ago | (#36508836)

Exactly. In Windows, you'd simply be told to reboot frequently enough so the password bug doesn't get triggered :)

Nah, windows already reboots frequently enough. Its now a "feature".

Re:Not unprecedented (0)

Anonymous Coward | more than 3 years ago | (#36509736)

What is this, 2003? Windows doesn't reboot frequently and hasn't for quite a while. My machines reboot once or twice a month, max.

Re:Not unprecedented (2)

blair1q (305137) | more than 3 years ago | (#36507650)

I always assume that crackers know about these and are using them secretly.

And when caught at it publish everything they have and blame you for not securing your system.

Re:Not unprecedented (2)

joabjon (1382465) | more than 3 years ago | (#36507848)

Certainly not unprecedented:
17-year-old issues in NTLM not many people know about (now fixed)
http://www.ampliasecurity.com/research/OCHOA-2010-0209.txt [ampliasecurity.com]
http://www.ampliasecurity.com/research/NTLMWeakNonce-bh2010-usa-ampliasecurity.pdf [ampliasecurity.com]

Re:Not unprecedented (0)

Anonymous Coward | more than 3 years ago | (#36508576)

As usual, Linux is four years behind Microsoft!

Re:Not unprecedented (1)

AliasMarlowe (1042386) | more than 3 years ago | (#36510454)

Certainly not unprecedented:
17-year-old issues in NTLM not many people know about (now fixed)
http://www.ampliasecurity.com/research/OCHOA-2010-0209.txt [ampliasecurity.com]
http://www.ampliasecurity.com/research/NTLMWeakNonce-bh2010-usa-ampliasecurity.pdf [ampliasecurity.com]

And not forgetting the arithmetic error in Windows Calculator, which first affected the calculator in Windows 1.0 (November 1985) and persisted until Windows 98 (June 1998): almost 13 years. The version for Windows 3.x was not actually fixed until 2004 as a download from Microsoft, about 14 years after Windows 3.0 was released.

The existence of exactly the same bug in OS/2's built-in Windows subsystem (definitely OS/2 2.0, 2.1, 3.0; I never used 4.0) was evidence that IBM was using exactly the same code for Win-OS/2 as Microsoft used for Windows. Here's an example calculation for anyone who has a Windows 3.x or similar ancient version still running:
3.11-3.1=
The buggy calculator gives 0.0 as the answer. The existence of this bug was widely known, but ignored by Microsoft for years.

Re:Not unprecedented (2)

satuon (1822492) | more than 3 years ago | (#36509646)

If crackers were using them a lot and there were viruses in the wild that were using them, then people would have quickly found out about those bugs and patched them. I think the reason they stayed hidden for such a long time was nobody really exploited them.

Re:Not unprecedented (2)

daid303 (843777) | more than 3 years ago | (#36510154)

If you read the report, you'll notice that the bug introduces a slight incompatibility and a slight reduction in password strength if you use the 8th bit (read none-latin) characters. With blowfish (one of the many possible hash functions)

Yes, it's a bug. Yes, it needs to be fix. No, it's not OMG we're going to be pwned!

A 13 Year Old Bug ... (2)

WrongSizeGlass (838941) | more than 3 years ago | (#36507554)

A 13 year old bug is no match for a 13 year old hacker.

Re:A 13 Year Old Bug ... (1)

Chris Burke (6130) | more than 3 years ago | (#36507902)

That's what they meant by "13-year-old password security bug"! Turns out you could get access to any system by screaming "Cockfag!" into the microphone.

No shit (0)

Anonymous Coward | more than 3 years ago | (#36507556)

In a sign that many eyes don't really make (security) bugs shallow

This is a myth that should have been debunked years ago. I don't know why people still believe it. It only holds water if people are actively looking at the code and noticing the bugs, which in many cases they are not.

Posted anonymously because this is Slashdot and ESR is a God who can never be wrong.

Re:No shit (1, Insightful)

mangu (126918) | more than 3 years ago | (#36507686)

It only holds water if people are actively looking at the code and noticing the bugs, which in many cases they are not.

But you must admit that in some cases people are looking at the code, while in commercial code no one but those who developed it can take a look.

If you have ever developed code you must have noticed how often you spend hours looking at your code trying to find a bug and then someone comes looking over your shoulder and points out the obvious error.

Re:No shit (1)

tehcyder (746570) | more than 3 years ago | (#36510812)

It only holds water if people are actively looking at the code and noticing the bugs, which in many cases they are not.

But you must admit that in some cases people are looking at the code, while in commercial code no one but those who developed it can take a look.

If you have ever developed code you must have noticed how often you spend hours looking at your code trying to find a bug and then someone comes looking over your shoulder and points out the obvious error.

So you only the specific developer who writes a piece of code gets to look at that code in commercial software? There is no review or management process whatsoever?
In that case, commercial software is certainly more error prone.

Re:No shit (1)

Meshach (578918) | more than 3 years ago | (#36507690)

... this is Slashdot and ESR is a God who can never be wrong.

When did ESR get elevated to Linus' level?

Re:No shit (0)

Anonymous Coward | more than 3 years ago | (#36508586)

When did ESR get elevated to Linus' level?

Funny you should say that, when the maxim about all the eyeballs commonly attributed to ESR was referencing a statement Linus Torvalds made. So any criticism of that maxim is as much a criticism of Linus Torvalds as Eric S. Raymond.

ESR really was at god level in the open source community, until a certain prominent open source personality who is better at lawsuits and public performances than coding tossed enough shit that some stuck. (And this crap-flinging personality has more followers here than ESR, which is why I post anonymously.)
IMHO, this says more about his opponents than it does about ESR. At least ESR didn't stoop to that level, but sniffed and stepped away.
His open source legacy and ideas is still what most of us build on and use every day. Including Linus Torvalds.

hunter2 (0)

Anonymous Coward | more than 3 years ago | (#36507558)

Re:hunter2 (1)

guybrush3pwood (1579937) | more than 3 years ago | (#36508634)

You posted as AC because you're embarrassed about linking to bash.org, right?

Re:hunter2 (1)

Eunuchswear (210685) | more than 3 years ago | (#36510108)

Hey, how did they know my password?

Yikes, how do you roll out a fix for that. (0)

Anonymous Coward | more than 3 years ago | (#36507568)

My guess is you don't. You'll have to create a new function and leave the old one there. Otherwise anyone who does the fix no longer has matching hashes for whatever it was they used the hash for originally.

Re:Yikes, how do you roll out a fix for that. (3, Insightful)

Firehed (942385) | more than 3 years ago | (#36508010)

Have a setting in the tools that call it to use the legacy/broken implementation, and enable it by default in the next patch. See: MySQL old passwords [mysql.com] . Or some sort of option that you can set on the function, similar idea.

The better but less compatible way is to put a huge warning on the patch, telling people that if the password doesn't match, check again with the USE_BROKEN_BLOWFISH_IMPLEMENTATION flag passed into the function and if that matches, update your data with the good hash and continue on as normal. That will inevitably piss off a lot of people on shared hosting and/or unmaintained applications but from a security standpoint it's the better option.

Uh Oh... (1)

steevven1 (1045978) | more than 3 years ago | (#36507572)

Slashdot might be getting a lot of unwanted traffic from Google search queries containing "13-year-old" now...

Re:Uh Oh... (0)

mangu (126918) | more than 3 years ago | (#36507626)

Slashdot might be getting a lot of unwanted traffic from Google search queries containing "13-year-old" now...

At least Slashdot will not be alone [google.com]

Re:Uh Oh... (2)

JWSmythe (446288) | more than 3 years ago | (#36507898)

    You know, it's weird, but ya, it'll get you traffic.

    One of the things I do is run a mainstream news site. In that, pedophiles get bused for all kinds of things. Those end up being keyword rich pages that seem to come up for all kinds of fucked up variations of what pedophiles look for. There's nothing like reviewing your logs to have an amazing disgust for society as we know it.

    There is only one thing I feel good about. On some keywords and phrases, we come up in the top 3 results. So the pedophiles may be looking for underage smut, but instead they're presented with news stories about other pedophiles going to jail.

    It seems like an acceptable solution to me. Pollute their searches with so many non-smut sites, preferably with news stories about long prison terms, or deaths by the hands of other inmates. Maybe it will help encourage them to make their best attempt at winning a Darwin Award.

Re:Uh Oh... (0)

Anonymous Coward | more than 3 years ago | (#36509864)

Those end up being keyword rich pages that seem to come up for all kinds of fucked up variations of what pedophiles look for.

It's even worse. They're searching for any kind of porn with Google.

Google's motto is the last (optional?) part of the Three wise monkeys, "Do no evil". Feigning ignorance is what it's all about. It's like a grandson asking his grandparents how many times they've contemplated sex changes over the course of their lives. Are you trying to hurt Google's feelings?

Google's porn search results should just say,
Countless billions of pages searched, and we did it quickly... so we're only trying to do what's best for you, dear. Did you mean soap? Here's the top 10 results for soap.

Re:Uh Oh... (1)

tehcyder (746570) | more than 3 years ago | (#36510822)

There is only one thing I feel good about. On some keywords and phrases, we come up in the top 3 results. So the pedophiles may be looking for underage smut, but instead they're presented with news stories about other pedophiles going to jail.

Which presumably just makes them into more careful pedophiles who are harder to catch. Good work!

So if I understand this right? (1)

0123456 (636235) | more than 3 years ago | (#36507614)

I can't easily tell exactly what the bug is here, but it appears to require that you have your password algorithm set to blowfish and use passwords with non-ASCII characters? That doesn't seem a likely combination on any modern Linux installation.

Re:So if I understand this right? (2)

blair1q (305137) | more than 3 years ago | (#36507768)

In the US maybe.

Though, yes, it implies you're using accented characters and have blowfish as your algorithm.

So it's a vulnerability enabled by a very small portion of a very small population.

Which is why it lasted for 13 years with nobody caring much, except academically.

But, if you knew you could use 8-bit characters, and you generated your passwords randomly, this could affect half of your password space. Which could be significant if your passwords were kept in compartmentalized files that themselves are accessible only to different authorized people. Bureaucracy can get very hairy, in such circumstances.

Re:So if I understand this right? (1)

Obfuscant (592200) | more than 3 years ago | (#36507928)

But, if you knew you could use 8-bit characters, and you generated your passwords randomly, this could affect half of your password space.

If you generate your passwords randomly, you are going to have a hard time entering them from a lot of keyboards and OS. For example, I don't seem to be able to enter this \xa3 "pound sign" on this OS using the "alt+0163" Windows hack.

In any case, if you cut the number of selections for each character in a password in half, you cut your password space by 2^n, where n is the number of characters in your password.

Re:So if I understand this right? (2)

Obfuscant (592200) | more than 3 years ago | (#36507868)

I read the linked comment (not much of a description there), but it does appear that it is triggered by "8 bit characters" in passwords.

It talks about "pound sign" as the test, but claims that it is "\xa3 in C". I didn't know that C had a different definition for ASCII characters than ASCII does, and in my ASCII tables the octothorpe is 0x23. Ahh, maybe a language difference, and the "british currency symbol" is what he is referring to.

Or maybe this points out the error of relying on non-standard characters for anything. According to my Web Design nutshell book, \&#163 is the British pound symbol, but apparently FF3 doesn't know it (or /. strips it.) Here are two in a row: -- I see nothing. That's defined in ISO 8859-1, however, and not ASCII.

In any case, it looks like if you use standard ASCII characters in your password you are not a target for this bug.

Re:So if I understand this right? (3, Insightful)

simcop2387 (703011) | more than 3 years ago | (#36508366)

They mean the british pound sign, not the octothorpe # . Ain't language fun?

Re:So if I understand this right? (1)

hattig (47930) | more than 3 years ago | (#36510074)

Slashdot strips it, it's a known bug with Slashdot since 1998, and still not fixed. What's that? 13 years? I think the HTML works ... £

It also appears that if this library was used for any other hashing, that this bug would arise. And if that included binary files then it almost certainly would have been triggered.

The main issue is that it consistently generates the wrong hash, so that it actually appears to work fine.

However the bug fix means it now generates the correct hash. Which is going to be different. So you may have websites with significant numbers of the user base now unable to log in, for example (I am certain that accented characters will be popular in passwords in Europe, for example, and let's not even consider other areas of the world). I also wonder how many Mac users use the (S with a circle in the middle) symbol in a password. Which of course raises support queries, which costs money/time to handle ...

Re:So if I understand this right? (1)

tehcyder (746570) | more than 3 years ago | (#36510834)

Slashdot strips it, it's a known bug with Slashdot since 1998, and still not fixed. What's that? 13 years? I think the HTML works ... £

I can't believe an open source coded site like slashdot could have a 13 year old bug.

Irony (0)

Anonymous Coward | more than 3 years ago | (#36507640)

The irony is that it seems this bug was discovered by developers of John the Ripper [wikipedia.org] , a tool for cracking passwords.

hmmm (1)

nomadic (141991) | more than 3 years ago | (#36507644)

In a sign that many eyes don't really make (security) bugs shallow

Also proof that security through obscurity works.

Re:hmmm (2)

arth1 (260657) | more than 3 years ago | (#36507708)

Also proof that security through obscurity works.

Evidence, perhaps, but certainly not a proof, unless you can prove that black hats haven't exploited this in the last 13 years.

Contrary to popular belief, most black hats aren't in it for the fame, but for other reasons including personal satisfaction, thrill and in some cases monetary gains. And when you're not in it for the fame, you don't disclose what you've found -- you guard the secret carefully so you can continue to exploit it. Yes, for thirteen years. I know of active backdoors far older than that.

Re:hmmm (1)

mangu (126918) | more than 3 years ago | (#36507760)

when you're not in it for the fame, you don't disclose what you've found -- you guard the secret carefully so you can continue to exploit it. Yes, for thirteen years

What you are saying is that there are worms and viruses out there using it, there are botnets based on that bug? Interesting, why has no one noticed anything so far?

Re:hmmm (1)

arth1 (260657) | more than 3 years ago | (#36507804)

Exploits are more than botnets and viruses. There are people who log in to a former employee's server every week, copies a few documents, and leave without a trace. For years.
Some spy on exes, bosses or celebrities just for the thrill.
Some skim a little CPU power or storage here and there.
Some do single account transfers that aren't discovered.
Others simply enter machines because they can, again without running botnets and viruses.

Re:hmmm (1)

mangu (126918) | more than 3 years ago | (#36507862)

There are people who log in to a former employee's server every week, copies a few documents, and leave without a trace. For years.

And those, invariably, use social engineering. You don't break a password hashing function when all you have to do is read the post-it stuck under the table.

Re:hmmm (1)

Architect_sasyr (938685) | more than 3 years ago | (#36509372)

Sometimes you don't want to put your fingers anywhere near the site, be it for building security or whatever the reason. The continued proliferation of people who consider that you can just beat someone with a rubber hose for a password, or read it off a post it note so who would bother breaking this algorithm are entirely unhelpful to fostering a secure environment. Just because there are easy methods of physical access, doesn't mean every cracker out there is using them, just like not every cracker out there runs a giant DDoS botnet.

90% of the time I will perform a pentest completely over the wires, just to prove this exact point.

Re:hmmm (1)

Runaway1956 (1322357) | more than 3 years ago | (#36507762)

You're doing at least as well as the "intelligence" communities. Seems that all their secrets get leaked nowadays. ;>)

Re:hmmm (2)

Jonner (189691) | more than 3 years ago | (#36507720)

In a sign that many eyes don't really make (security) bugs shallow

Also proof that security through obscurity works.

How is this proof of that? For all we know, crackers have been exploiting this vulnerability for years.

Come on, it's PHP (1, Insightful)

A beautiful mind (821714) | more than 3 years ago | (#36507740)

What the fuck did you expect, excellent design practices and high quality code?

Re:Come on, it's PHP (1)

LordLucless (582312) | more than 3 years ago | (#36507954)

Uh, crypt_blowfish is pretty definitely not written in PHP. You know you can't just scan the summary for buzzwords and draw conclusions without actually reading and comprehending it don't you?

Re:Come on, it's PHP (2, Funny)

A beautiful mind (821714) | more than 3 years ago | (#36508018)

I'm an advanced slashdot user, I don't even read the summary anymore.

Re:Come on, it's PHP (1)

Simon80 (874052) | more than 3 years ago | (#36508016)

Thanks for making me laugh, but at a glance, it looks like the bug is actually in this package [openwall.com] , not PHP.

Re:Come on, it's PHP (4, Insightful)

Firehed (942385) | more than 3 years ago | (#36508150)

To be fair, it's hardly PHP's fault that the shared library's implementation was broken. The primary benefits of using a library (not reinventing the wheel, wisdom of many, etc.) are generally outweighed by occasionally inheriting one of their bugs. Especially since you also inherit their bugfixes. While the core PHP team is actually quite well accomplished at security (even if PHP enables any idiot to make insecure sites by virtue of being easy to learn), I'd still rather them use widely adopted libraries than come up with their own implementation.

Re:Come on, it's PHP (2)

kat_skan (5219) | more than 3 years ago | (#36508286)

What the fuck did you expect, excellent design practices and high quality code?

Honestly? A second function named blowfish_real_hash_string.

Re:Come on, it's PHP (1)

JohnnyBGod (1088549) | more than 3 years ago | (#36510348)

You win, sir! Well done. Somebody mod him up!

crypt_blowfish (4, Informative)

TopSpin (753) | more than 3 years ago | (#36507744)

The common thread among these systems (PHP, (Open)SUSE, etc.) is the use of crypt_blowfish, a flawed implementation of the blowfish hash function. Constructing passwords that collide is easy due to a sign extension bug. A SUSE user can observe the use of blowfish in /etc/default/passwd, where the default value of CRYPT_FILES is 'blowfish'.

To be clear, the problem is a flawed implementation; the blowfish hash algorithm itself remains sound.

The PHP crypt() function supports several common hash algorithms including blowfish. The PHP 'documentation' implies that DES is default. Anyone care to speculate on the likelyhood of widespread blowfish use by public sites?

Re:crypt_blowfish (1)

Anonymous Coward | more than 3 years ago | (#36509766)

Just to clarify something: there is no "blowfish hash function". Blowfish is just a (symmetric) block cipher with a relatively expensive (and memory-hungry) key schedule.

Although it's true there are several ways of turning a block cipher into a hash function (via Merkle-Damgaard construction, for instance), they are obviously not the same.

In a nutshell: there is no "blowfish hash function", but a "hash function based on Blowfish".

Re:crypt_blowfish (2)

szquirrel (140575) | more than 3 years ago | (#36510334)

Anyone care to speculate on the likelyhood of widespread blowfish use by public sites?

Wide. Many major PHP projects have been moving toward Openwall's PHPass algorithm that uses Blowfish as its preferred hashing algorithm. Note that even with this bug it's still better than the unsalted MD5 or SHA1 hashes that most projects were using previously. Today any of those old hashes can be brute-force cracked by a $200 GPU in about a day.

17yr-old bug in NTLM not many people knew about (1)

Anonymous Coward | more than 3 years ago | (#36507748)

http://www.ampliasecurity.com/research/OCHOA-2010-0209.txt
http://www.ampliasecurity.com/research/NTLMWeakNonce-bh2010-usa-ampliasecurity.pdf

Not used in reasonable systems anyways (1)

gweihir (88907) | more than 3 years ago | (#36507814)

These moved from DES to MD5 passwords a long time ago and were never vulnerable to this.

Another nail in the coffin for the "bazaar" model (0)

Anonymous Coward | more than 3 years ago | (#36507940)

Eric Raymond's "Cathedral and the Bazaar" postulated (without proof) that open source would be inherently more secure because so many more people would be looking at it, and that they would be able to remove the bugs. Of course, that totally misses the point of good software engineering, which is not to put the bugs into the software in the first place!

no reason to conclude open source is not secure (3, Insightful)

binarstu (720435) | more than 3 years ago | (#36508024)

Concluding, from this bug, "that many eyes don't really make (security) bugs shallow" is absolutely not justified. This is a single anecdote (sample size = 1), and there is no good or easy way to compare this to what would have happened had the code been closed. One could just as easily claim that if the code were not open, it would have been 10 more years before the bug was uncovered.

Re:no reason to conclude open source is not secure (3, Informative)

tangent (3677) | more than 3 years ago | (#36509244)

The famous quote doesn't apply to unidentified security flaws.

The point of the quote is that when someone points out buggy behavior, the many eyeballs will quickly pierce to the heart of the bug and find a way to fix it. With fewer eyes, really nasty bugs often remain unfixed long past the time they are first identified because none of the brains behind the few eyeballs that have looked at it have figured out the fix yet.

The nature of most security bugs is that their existence is not obvious. Most software with security flaws performs its intended function as long as it is run within expected bounds. There is nothing for the many eyeballs to attack until someone tries pushing the software into its operational gray areas, then notices that it does something unwanted or unexpected. As soon as that happens, the quote applies: security holes in open source software are typically fixed soon after being identified.

Re:no reason to conclude open source is not secure (1)

Steeltoe (98226) | more than 3 years ago | (#36509882)

You sure? Because I could've sworn security is nothing without taking into account unidentified security flaws.

Or else, you could argue the best security is blinding your eyes, screaming: "LALALALALALALA, no bugs heeere!"

This is why privileged account is so silly to be logged in to, something Windows Vista and 7 tries to fix using UAE. Unix has been superior in that department since day 0 using unprivileged accounts by default (ie. in the default Ubuntu-install). Even if there is a vulnerability, ie. in the Firefox UI or something similar, you're less likely to be seriously hit, by using an unprivileged account that doesn't automatically give exploits full root privileges.

Silly Microsoft. Yes, we blame them for every worm and trojan that exploit these silly security decisions.
However, security is a HARD problem, more of an ongoing process than something you can attach to any product.
Anyone serious about security, have to spend a lifetime studying and working for it.

Re:no reason to conclude open source is not secure (0)

Anonymous Coward | more than 3 years ago | (#36509960)

A pattern is emerging that every time some old bug in found in open source that writers imply something is wrong with open source and FOSS. It's annoying and stupid.

Umm, It's not an official fix (4, Interesting)

sdguero (1112795) | more than 3 years ago | (#36508032)

It appears that whoever wrote the summary didn't read the links they provided:

"I am going to provide an official fix for crypt_blowfish (likely the one-liner plus added tests). I thought I'd bring the issue up on oss-security sooner rather than later."

So, the bug appears to have been found today and the developer has a one liner solution but hasn't released a patch. I think the summary did a piss poor job talking about what is affected by the problem too... specifically crypt_blowfish, which i know my company uses for a few things. It is interesting to know that this hash is now far weaker than originally thought until it gets patched (which will prolly take a long time to make it into major distros).

Anyway, i'm done bitching, definitely a story worthy of /. I just think the summary was trying to tie in too much (old bugs blah blah) and misrepresented the impact and fix.

Importance of Clarity (1)

rueger (210566) | more than 3 years ago | (#36508144)

Seems to me that there are at least two different questions here, and that most of these comments confuse them.

The first, and perhaps more intriguing, is how a bug like this could sit undetected for years. Regardless of whether it's proprietary or Open Source software, bugs will remain until someone, somewhere finds them.

The second, and this is where Open Source arguably has an advantage, is how soon a vulnerability is patched once it has been found - in this case pretty fast.

And of course whether the patch gets applied to end users' systems.

Re:Importance of Clarity (1)

Chuck Chunder (21021) | more than 3 years ago | (#36508250)

The first, and perhaps more intriguing, is how a bug like this could sit undetected for years.

It does seem odd that people haven't run fuzzed data against a number of different implementations of blowfish and not noticed differing output. I'd have thought that would be a fairly normal thing for someone developing a crypto algorithm implementation to do.

Blowing things out of proportion (1, Insightful)

Anonymous Coward | more than 3 years ago | (#36508198)

A flaw in an obscure blowfish implementation that isn't used by any of the major distributions is not the dire situation implied here (considering SUSE basically irrelevant anymore). This incident actually reaffirms the many eyes philosophy. Few eyes had the motive to look at this particular code, so the flaw was simply not seen.

Re:Blowing things out of proportion (1)

livingboy (444688) | more than 3 years ago | (#36509978)

Guess what, I have currently one laptop and two desktops running the latest openSUSE, so for me this bug and platform is not irrelevant.

Thankfully nothing like this could happen to MS (0)

Anonymous Coward | more than 3 years ago | (#36509832)

They would never put in a backdoor to their web server that claimed Netscape engineers were weenies that went undetected for over 4 years. Oh, wait, my mistake... they did do that. http://news.cnet.com/2100-1001-239273.html [cnet.com]

easily avoided (1)

sithlord2 (261932) | more than 3 years ago | (#36509990)


Do people still use the same salt for all hash-functions? I assume this can be easily fixed if you just use an unique value (like the username) as a salt.

Ulrich Drepper was right (0)

Anonymous Coward | more than 3 years ago | (#36510208)

It seems like Ulrich Drepper was right opposing, in rather harsh words, my suggestions to include bcrypt in glibc. My bad.

Those Lulz guys... (1)

Timtimes (730036) | more than 3 years ago | (#36510328)

are gonna be so pissed. Enjoy.

Here's what's affected (1)

szquirrel (140575) | more than 3 years ago | (#36510518)

The impact of this is actually pretty wide. Crypt_blowfish has been gaining popularity as a hashing algorithm in PHP thanks to Openwall's PHPass framework [openwall.com] . Four years ago most PHP projects that I know were still using MD5 or SHA1 to hash passwords. Today those MD5 and SHA1 hashes can be brute-force cracked by free software running on a $200 GPU in a matter of days if not hours. So even a buggy version of Blowfish is still better by far.

So yeah, it's a wide-ranging bug but not a world breaking one. For starters it only affects passwords that use 8-bit characters, so passwords typed by anyone using a US-English keyboard still produce the same hashes as the correct Blowfish implementation.

For passwords of length n*4-1 (3, 7, 11, 15, ...), 8-bit characters in certain positions will result in some characters being ignored by the hash function. This makes it possible (though still not easy) to produce a collision, i.e. multiple different passwords that result in the same hash.

It's bad, but I want to stress that using even a buggy crypt_blowfish for password hashing is still a quantum leap over the single-hashed MD5 or SHA1 that you were seeing literally everywhere in the PHP world just a few years ago.

Re:Here's what's affected (0)

Anonymous Coward | more than 3 years ago | (#36510666)

...thanks to Openwall's PHPass framework.

Was I the only one who read that as PHP ass framework? Seems fitting, given the bug...

reduced entropy of hashed passwords (1)

doperative (1958782) | more than 3 years ago | (#36510854)

"Gawker used this broken implementation, which replaced all non-ascii characters with question marks prior to hashing". link [openwall.com]

"Versions of jBCrypt before 0.3 suffered from a bug related to character encoding that substantially reduced the entropy of hashed passwords containing non US-ASCII characters.

"An incorrect encoding step transparently replaced such characters by '?' prior to hashing. In the worst case of a password consisting solely of non-US-ASCII characters, this would cause its hash to be equivalent to all other such passwords of the same length". link [derkeiler.com]

Didn't anyone ever test the algorithm to see if if functioned as designed, as in producing unique hashs for very similar passwords. Would be most important as part of an encryption suite ..

So much for "Many Eyes" theory (0)

sproketboy (608031) | more than 3 years ago | (#36511256)

Another Linux FAIL.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?