On Fri, 24 Jan 2025 at 19:06, Alvaro Herrera <alvherre@alvh.no-ip.org> wrote:
> On 2025-Jan-24, Bernd Helmle wrote:
>
>> So we behave exactly the same way as px_crypt_md5(): It stops after the
>> first '$' after the magic byte preamble. For shacrypt, this could be
>> the next '$' after the closing one of the non-mandatory 'rounds'
>> option, but with your example this doesn't happen since it gets never
>> parsed. The salt length will be set to 0.
>
> IMO silently using no salt or 0 iterations because the input is somewhat
> broken is bad security and should be rejected. If we did so in the past
> without noticing, that's bad already, but we should not replicate that
> behavior any further.
>
I agree with this point, so maybe we should fix this for px_crypt_md().
--
Regrads,
Japin Li
