bcrypt: reject passwords longer than 72 bytes

rolandshoemaker · gopherbot · commit bc7d1d1eb54b · 2022-12-21T17:19:30.000Z
By design, bcrypt only uses the first 72 bytes of a password when generating a hash. Most implementations, including the reference one, simply silently ignore any trailing input when provided passwords longer than 72 bytes. This can cause confusion for users who expect the entire password to be used to generate the hash. In GenerateFromPassword, reject passwords longer than 72 bytes. CompareHashAndPassword will still accept these passwords, since we cannot break hashes that have already been stored. Fixes golang/go#36546 Change-Id: I039addd2a2961a7fa9d1e4a3e892a9e3c8bf4c9a Reviewed-on: https://go-review.googlesource.com/c/crypto/+/450415 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Jason McNeil <jmcneil@x2studios.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org>
diff --git a/bcrypt/bcrypt.go b/bcrypt/bcrypt.go
@@ -82,11 +82,20 @@ type hashed struct {
 	minor byte
 }
 
+// ErrPasswordTooLong is returned when the password passed to
+// GenerateFromPassword is too long (i.e. > 72 bytes).
+var ErrPasswordTooLong = errors.New("bcrypt: password length exceeds 72 bytes")
+
 // GenerateFromPassword returns the bcrypt hash of the password at the given
 // cost. If the cost given is less than MinCost, the cost will be set to
 // DefaultCost, instead. Use CompareHashAndPassword, as defined in this package,
 // to compare the returned hashed password with its cleartext version.
+// GenerateFromPassword does not accept passwords longer than 72 bytes, which
+// is the longest password bcrypt will operate on.
 func GenerateFromPassword(password []byte, cost int) ([]byte, error) {
+	if len(password) > 72 {
+		return nil, ErrPasswordTooLong
+	}
 	p, err := newFromPassword(password, cost)
 	if err != nil {
 		return nil, err
diff --git a/bcrypt/bcrypt_test.go b/bcrypt/bcrypt_test.go
@@ -241,3 +241,10 @@ func TestNoSideEffectsFromCompare(t *testing.T) {
 		t.Errorf("got=%q want=%q", got, want)
 	}
 }
+
+func TestPasswordTooLong(t *testing.T) {
+	_, err := GenerateFromPassword(make([]byte, 73), 1)
+	if err != ErrPasswordTooLong {
+		t.Errorf("unexpected error: got %q, want %q", err, ErrPasswordTooLong)
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -241,3 +241,10 @@ func TestNoSideEffectsFromCompare(t *testing.T) {`
`241`	`241`	`t.Errorf("got=%q want=%q", got, want)`
`242`	`242`	`}`
`243`	`243`	`}`
	`244`	`+`
	`245`	`+func TestPasswordTooLong(t *testing.T) {`
	`246`	`+ _, err := GenerateFromPassword(make([]byte, 73), 1)`
	`247`	`+ if err != ErrPasswordTooLong {`
	`248`	`+ t.Errorf("unexpected error: got %q, want %q", err, ErrPasswordTooLong)`
	`249`	`+ }`
	`250`	`+}`