alpine 3.8
crypto weakness #594

4

Weakness Breakdown


Definition:

This weakness involves creating non-standard or non-tested algorithms, using weak algorithms or applying cryptographic algorithms incorrectly. Algorithms that were once considered safe are commonly later found to be unsafe, as the algorithms were broken.

Warning code(s):

The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment.

File Name:

ldapvi/src/ldapvi-1.7/parse.c

Context:

The highlighted line of code below is the trigger point of this particular Alpine 3.8 crypto weakness.

 	close(fd);
	salt[0] = saltbag[salt[0] & 63];
	salt[1] = saltbag[salt[1] & 63];
	return crypt(key, (char *) salt);
}

static char *
cryptmd5(char *key)
{
	char *result;
	unsigned char salt[11];
	int i;
	int fd = open("/dev/random", 2);
	if (fd == -1) {
		puts("Sorry, MD5 not available: Cannot open /dev/random.");
		return 0;
	}
	salt[0] = '$ ';
	salt[1] = '1';
	salt[2] = '$ ';
	if (read(fd, salt + 3, 8) != 8) syserr();
	close(fd);
	for (i = 3; i < 11; i++)
		salt[i] = saltbag[salt[i] & 63];
	result = crypt(key, (char *) salt);
	if (!result || strlen(result) < 25) {
		puts("Sorry, MD5 not available: Are you using the glibc?");
		return 0;
	}
	return result;
}

/*
 * Read a line in
 *   name ' ' (':' encoding)? value '\n'
 * syntax, skipping comments.  VALUE is parsed according to ENCODING.
 * Empty NAME is allowed.
 *
 * 0: ok
 * -1: fatal parse error
 * -2: end of file or empty line
 */
static int
read_line1(FILE *s, GString *name, GString *value)
{
	int c;
	char *encoding;

	g_string_truncate(name, 0);
	g_string_truncate(value, 0); 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.