b***@apache.org
2018-02-05 21:11:16 UTC
https://bz.apache.org/bugzilla/show_bug.cgi?id=62078
Bug ID: 62078
Summary: "htpasswd: Unable to encode with bcrypt: Invalid
argument" when cost factor is 18 or higher
Product: Apache httpd-2
Version: 2.4.29
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: support
Assignee: ***@httpd.apache.org
Reporter: ***@yahoo.com
Target Milestone: ---
Overview:
htpasswd usage and documentation for the bcrypt -C cost argument claim to
support cost values between 4 and 31. However, when cost is 18 or higher, an
error occurs.
Either the usage and documentation for the htpasswd -C argument should be
updated, or the implementation should be updated to support the documented
cost.
Steps to Reproduce:
htpasswd -nbB -C 18 test password
Actual Results:
htpasswd: Unable to encode with bcrypt: Invalid argument
Expected Results:
the password should have been hashed using bcrypt and output to stdout
Additional Information:
It appears that _crypt_gensalt_blowfish_rn in crypt_blowfish.c from the
Apache Portable Runtime (APR 1.6.x) sets an error if count > 17. Therefore it
appears there is a discrepancy between the usage/documentation and
implementation.
working example: htpasswd -nbB -C 17 test password
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-***@httpd.apache.org
For additional commands, e-mail: bugs-***@httpd.apache.org
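
The following is an added example, not part of the original report and not Apache or APR code. It checks a value intended for `htpasswd -C` against the documented range (4 to 31) and the limit the report observed (17), and reads the cost actually encoded in the bcrypt entries of an htpasswd file. The function names, the `policy_min` parameter and the sample entries are constructed for illustration.

```python
import re

# Range the report says htpasswd documents for -C, and the highest value it found to work.
DOCUMENTED_MIN, DOCUMENTED_MAX = 4, 31
REPORTED_WORKING_MAX = 17  # per the report, -C 18 and above fail with "Invalid argument"

# bcrypt in modular-crypt form: $2a$/$2b$/$2y$, two-digit cost, then
# 22 characters of salt and 31 characters of digest (53 in total).
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")

def bcrypt_cost(hash_field):
    """Return the cost encoded in a bcrypt hash, or None if the field is not bcrypt."""
    m = BCRYPT_RE.match(hash_field)
    return int(m.group(1)) if m else None

def check_requested_cost(cost):
    """Classify a value before passing it to htpasswd -C."""
    if not DOCUMENTED_MIN <= cost <= DOCUMENTED_MAX:
        return "outside documented range"
    if cost > REPORTED_WORKING_MAX:
        return "documented but rejected per bug 62078"
    return "ok"

def audit(lines, policy_min):
    """Return (user, cost, finding) for each 'user:hash' line.

    policy_min is a hypothetical site policy: the lowest cost you accept.
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        user, _, field = line.partition(":")
        cost = bcrypt_cost(field)
        if cost is None:
            findings.append((user, None, "not bcrypt"))
        elif cost < policy_min:
            findings.append((user, cost, "below policy minimum"))
        else:
            findings.append((user, cost, "ok"))
    return findings

# Constructed sample entries (the salt and digest characters are filler, not real hashes).
SAMPLE = [
    "alice:$2y$17$" + "A" * 53,
    "bob:$2y$05$" + "B" * 53,
    "carol:$apr1$abcdefgh$" + "C" * 22,
]
```
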