Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.
...
PKCS5_PBKDF2_HMAC(pass, strlen(pass), "2!@$(5#@532@%#$253l5#@$", 2, ITERATION, EVP_sha512(), outputBytes, digest);
...
...
private static final String salt = "2!@$(5#@532@%#$253l5#@$";
...
PBEKeySpec pbeSpec=new PBEKeySpec(password);
SecretKeyFactory keyFact=SecretKeyFactory.getInstance(CIPHER_ALG);
PBEParameterSpec defParams=new PBEParameterSpec(salt,100000);
Cipher cipher=Cipher.getInstance(CIPHER_ALG);
cipher.init(cipherMode,keyFact.generateSecret(pbeSpec),defParams);
...
...
const salt = "some constant value";
crypto.pbkdf2(
password,
salt,
iterations,
keyLength,
"sha256",
function (err, derivedKey) { ... }
);
...
CCKeyDerivationPBKDF(kCCPBKDF2,
password,
passwordLen,
"2!@$(5#@532@%#$253l5#@$",
2,
kCCPRFHmacAlgSHA256,
100000,
derivedKey,
derivedKeyLen);
...
...
$hash = hash_pbkdf2('sha256', $password, '2!@$(5#@532@%#$253l5#@$', 100000)
...
...
from hashlib import pbkdf2_hmac
dk = pbkdf2_hmac('sha256', password, '2!@$(5#@532@%#$253l5#@$', 100000)
...
...
dk = OpenSSL::PKCS5.pbkdf2_hmac(password, '2!@$(5#@532@%#$253l5#@$', 100000, 256, digest)
...
...
let ITERATION = UInt32(100000)
let salt = "2!@$(5#@532@%#$253l5#@$"
...
CCKeyDerivationPBKDF(CCPBKDFAlgorithm(kCCPBKDF2),
password,
passwordLength,
salt,
salt.lengthOfBytesUsingEncoding(NSUTF8StringEncoding),
CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256),
ITERATION,
derivedKey,
derivedKeyLength)
...
...
crypt(password, "2!@$(5#@532@%#$253l5#@$");
...
...
salt := "2!@$(5#@532@%#$253l5#@$"
password := get_password()
sha256.Sum256([]byte(salt + password)
...
...
Encryptor instance = ESAPI.encryptor();
String hash1 = instance.hash(input, "2!@$(5#@532@%#$253l5#@$");
...
javap -c command to access the disassembled code, which will contain the values of the used salt.
...
crypt($password, '2!@$(5#@532@%#$253l5#@$');
...
...
from django.contrib.auth.hashers import make_password
make_password(password, salt="2!@$(5#@532@%#$253l5#@$")
...
require 'openssl'
...
password = get_password()
salt = '2!@$(5#@532@%#$253l5#@$'
hash = OpenSSL::Digest::SHA256.digest(salt + password)
...
...
byte[] passwd = Encoding.UTF8.GetBytes(txtPassword.Text);
Rfc2898DeriveBytes rfc = new Rfc2898DeriveBytes(passwd, passwd,10001);
...
...
let password = getPassword();
let salt = password;
crypto.pbkdf2(
password,
salt,
iterations,
keyLength,
"sha256",
function (err, derivedKey) { ... }
);
function register(){
$password = $_GET['password'];
$username = $_GET['username'];
$hash = hash_pbkdf2('sha256', $password, $password, 100000);
...
import hashlib, binascii
def register(request):
password = request.GET['password']
username = request.GET['username']
dk = hashlib.pbkdf2_hmac('sha256', password, password, 100000)
hash = binascii.hexlify(dk)
store(username, hash)
...
require 'openssl'
...
req = Rack::Response.new
password = req.params['password']
...
key = OpenSSL::PKCS5::pbkdf2_hmac(password, password, 100000, 256, 'SHA256')
...
...
String minimumBits = prop.getProperty("minimumbits");
Hashing.goodFastHash(minimumBits).hashString("foo", StandardCharsets.UTF_8);
...
Example 1 runs successfully, but anyone who can get to this functionality can manipulate the minimum bits used to hash the password by modifying the property minimumBits. After the program ships, it can be difficult to undo an issue regarding user-controlled minimum bits, because you cannot know whether a password hash had its minimum bits set by a malicious user.
string salt = ConfigurationManager.AppSettings["salt"];
...
Rfc2898DeriveBytes rfc = new Rfc2898DeriveBytes("password", Encoding.ASCII.GetBytes(salt));
...
Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to derive the key or password by modifying the property salt. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.
...
salt = getenv("SALT");
PKCS5_PBKDF2_HMAC(pass, sizeof(pass), salt, sizeof(salt), ITERATION, EVP_sha512(), outputBytes, digest);
...
Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to derive the key or password by modifying the environment variable SALT. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.
...
Properties prop = new Properties();
prop.load(new FileInputStream("local.properties"));
String salt = prop.getProperty("salt");
...
PBEKeySpec pbeSpec=new PBEKeySpec(password);
SecretKeyFactory keyFact=SecretKeyFactory.getInstance(CIPHER_ALG);
PBEParameterSpec defParams=new PBEParameterSpec(salt,100000);
Cipher cipher=Cipher.getInstance(CIPHER_ALG);
cipher.init(cipherMode,keyFact.generateSecret(pbeSpec),defParams);
...
Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to derive the key or password by modifying the property salt. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.
app.get('/pbkdf2', function(req, res) {
...
let salt = req.params['salt'];
crypto.pbkdf2(
password,
salt,
iterations,
keyLength,
"sha256",
function (err, derivedKey) { ... }
);
}
Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to derive the key or password by modifying the property salt. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.
...
@property (strong, nonatomic) IBOutlet UITextField *inputTextField;
...
NSString *salt = _inputTextField.text;
const char *salt_cstr = [salt cStringUsingEncoding:NSUTF8StringEncoding];
...
CCKeyDerivationPBKDF(kCCPBKDF2,
password,
passwordLen,
salt_cstr,
salt.length,
kCCPRFHmacAlgSHA256,
100000,
derivedKey,
derivedKeyLen);
...
Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to derive the key or password by modifying the text in the UITextField inputTextField. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.
function register(){
$password = $_GET['password'];
$username = $_GET['username'];
$salt = getenv('SALT');
$hash = hash_pbkdf2('sha256', $password, $salt, 100000);
...
Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to derive the key or password by modifying the environment variable SALT. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.
import hashlib, binascii
def register(request):
password = request.GET['password']
username = request.GET['username']
salt = os.environ['SALT']
dk = hashlib.pbkdf2_hmac('sha256', password, salt, 100000)
hash = binascii.hexlify(dk)
store(username, hash)
...
Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to derive the key or password by modifying the environment variable SALT. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.
...
salt=io.read
key = OpenSSL::PKCS5::pbkdf2_hmac(pass, salt, iter_count, 256, 'SHA256')
...
Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to derive the key or password by modifying the text in salt. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.
...
@IBOutlet weak var inputTextField : UITextField!
...
let salt = (inputTextField.text as NSString).dataUsingEncoding(NSUTF8StringEncoding)
let saltPointer = UnsafePointer<UInt8>(salt.bytes)
let saltLength = size_t(salt.length)
...
let algorithm : CCPBKDFAlgorithm = CCPBKDFAlgorithm(kCCPBKDF2)
let prf : CCPseudoRandomAlgorithm = CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256)
CCKeyDerivationPBKDF(algorithm,
passwordPointer,
passwordLength,
saltPointer,
saltLength,
prf,
100000,
derivedKeyPointer,
derivedKeyLength)
...
Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to derive the key or password by modifying the text in the UITextField inputTextField. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.
...
salt = getenv("SALT");
password = crypt(getpass("Password:"), salt);
...
Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to hash the password by modifying the environment variable SALT. Additionally, this code uses the crypt() function, which should not be used for cryptographic hashing of passwords. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.
func someHandler(w http.ResponseWriter, r *http.Request){
r.parseForm()
salt := r.FormValue("salt")
password := r.FormValue("password")
...
sha256.Sum256([]byte(salt + password))
}
Example 1 will run successfully, but anyone who can get to this functionality can to manipulate the salt used to hash the password by modifying the environment variable salt. Additionally, this code uses the Sum256 cryptographic hash function, which should not be used for cryptographic hashing of passwords. After the program ships, it is nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.
...
Properties prop = new Properties();
prop.load(new FileInputStream("local.properties"));
String salt = prop.getProperty("salt");
...
MessageDigest digest = MessageDigest.getInstance("SHA-256");
digest.reset();
digest.update(salt);
return digest.digest(password.getBytes("UTF-8"));
...
Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to hash the password by modifying the property salt. After the program ships, it can be very difficult to undo an issue regarding user-controlled salts, as one would likely have no way of knowing whether or not a password hash had its salt determined by a malicious user.
import hashlib, binascii
def register(request):
password = request.GET['password']
username = request.GET['username']
salt = os.environ['SALT']
hash = hashlib.md5("%s:%s" % (salt, password,)).hexdigest()
store(username, hash)
...
Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to hash the password by modifying the environment variable SALT. Additionally, this code uses the md5() cryptographic hash function, which should not be used for cryptographic hashing of passwords. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.
...
salt = req.params['salt']
hash = @userPassword.crypt(salt)
...
Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to hash the password by modifying the parameter salt. Additionally, this code uses the String#crypt() function, which should not be used for cryptographic hashing of passwords. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.
let saltData = userInput.data(using: .utf8)
sharedSecret.hkdfDerivedSymmetricKey(
using: SHA256.self,
salt: saltData,
sharedInfo: info,
outputByteCount: 1000
)
Example 1 will run successfully, but anyone who can get to this functionality can manipulate the salt used to derive the encryption key by modifying the value of userInput. After the program ships, it is not trivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.
...
String seed = prop.getProperty("seed");
Hashing.murmur3_32_fixed(Integer.parseInt(seed)).hashString("foo", StandardCharsets.UTF_8);
...
Example 1 runs successfully, but anyone who can get to this functionality can manipulate the seed used to hash the password by modifying the property seed. After the program ships, it can be difficult to undo an issue regarding user-controlled seeds, because you cannot know whether a password hash had its seed determined by a malicious user.