PHP 中的 Bcrypt 被破坏了?可以轻松包含任何恶意负载
盐:可以是任何东西。
工作因素:可以是任何东西。
以下所有内容都会生成相同的哈希值!
$pad = base64_decode('/gB=');
$data = array(
'LegitimatePayload',
'LaterSwitchedToMaliciousPayload',
'Abracadabra',
'hatIsGoingOn',
'CanBeAlmostAnything',
);
foreach($data as $str){
echo crypt($pad.$str, '$2a$04$AnySaltHere')."<br>\n";
}
输出:
$2a$04$AnySaltHere$$$$$$$$$$.m/QKi19jyBmSuP2VMcVuFRw.weCNRBa
$2a$04$AnySaltHere$$$$$$$$$$.m/QKi19jyBmSuP2VMcVuFRw.weCNRBa
$2a$04$AnySaltHere$$$$$$$$$$.m/QKi19jyBmSuP2VMcVuFRw.weCNRBa
$2a$04$AnySaltHere$$$$$$$$$$.m/QKi19jyBmSuP2VMcVuFRw.weCNRBa
$2a$04$AnySaltHere$$$$$$$$$$.m/QKi19jyBmSuP2VMcVuFRw.weCNRBa
$2a$04$AnySaltHere$$$$$$$$$$.m/QKi19jyBmSuP2VMcVuFRw.weCNRBa
编辑:
这是一个具有相同前两个字节但具有不同哈希值的字符串:
base64_decode('/gBQyoK71jVY/J7QuBNJuFdxyf2eTBCs42chkx6ZvpJYszpzg===')
如果 php 在第一个 NUL 字节处停止,那么你如何解释这一点?
Salt: can be anything.
Work factor: can be anything.
All of the following generate the same hash!
$pad = base64_decode('/gB=');
$data = array(
'LegitimatePayload',
'LaterSwitchedToMaliciousPayload',
'Abracadabra',
'hatIsGoingOn',
'CanBeAlmostAnything',
);
foreach($data as $str){
echo crypt($pad.$str, '$2a$04$AnySaltHere')."<br>\n";
}
Output:
$2a$04$AnySaltHere$$$$$.m/QKi19jyBmSuP2VMcVuFRw.weCNRBa
$2a$04$AnySaltHere$$$$$.m/QKi19jyBmSuP2VMcVuFRw.weCNRBa
$2a$04$AnySaltHere$$$$$.m/QKi19jyBmSuP2VMcVuFRw.weCNRBa
$2a$04$AnySaltHere$$$$$.m/QKi19jyBmSuP2VMcVuFRw.weCNRBa
$2a$04$AnySaltHere$$$$$.m/QKi19jyBmSuP2VMcVuFRw.weCNRBa
$2a$04$AnySaltHere$$$$$.m/QKi19jyBmSuP2VMcVuFRw.weCNRBa
Edit:
Here is a string that has the same first two bytes but has a different hash:
base64_decode('/gBQyoK71jVY/J7QuBNJuFdxyf2eTBCs42chkx6ZvpJYszpzg===')
If php stopped at first NUL byte, then how do you explain this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
所有字符串都有一个前缀,当通过
base64_decode运行时,会生成一个0xfe字符和一个0x00字符,并带有额外的 - 变化 - 0x00 之后的字符。由于标准 crypt 将在0x00字符处停止,因此所有 crypt 调用仅加密0xfe字符。您可以通过调用来验证它
,这将给出相同的结果。
我假设您错误地使用了
base64_decode,这意味着实际调用了base64_encode。编辑:正如 Roman 指出的那样,
尽管前缀相同,该字符串实际上会完全加密为其他内容。这是因为该字符串实际上是无效的 base64 并且 base64_decode 返回 false。这会导致字符串加密为与空字符串相同的哈希值。
All your strings have a prefix that will - when run through
base64_decode- result in a0xfecharacter and a0x00character with the extra - varying - characters after the 0x00. Since standard crypt will stop at a0x00character, all your crypt calls only encrypt the0xfecharacter.You can verify it by just calling
which will give the same result.
I'm assuming you used
base64_decodeby mistake meaning to actually callbase64_encode.Edit: As Roman points out, the string
will actually - despite the same prefix - crypt to something else entirely. This is due to that string actually being invalid base64 and base64_decode returning false. That results in the string crypt'ing to the same hash as the empty string does instead.
您没有提供任何有效的 base64 编码字符串,因此 base64_decode 可能只会为所有测试用例返回 false,因此它将对它们进行相同的加密。你为什么要使用base64_decode?
You're not providing any valid base64 encoded strings, so base64_decode will probably just return false for all of your test cases, and thus it will encrypt them all the same. Why are you using base64_decode anyway?
您可能需要
base64_encode而不是base64_decode。它返回相同的原因是因为结果总是 false。You probably want
base64_encodeand notbase64_decode. the reason it all returns the same is because the result is always false.