+2010-04-20 Christian Kuhn <lolli@schwarzbu.ch>
+
+ * Fixed bug #13908: saltedpasswords: Enhance Unit Tests by testing passwords of various character classes
+
2010-04-19 Stanislas Rolland <typo3@sjbr.ca>
* Fixed bug #14153: htmlAreaRTE: Some Page TSConfig may break default hotkey assignments
$this->skipTestIfBlowfishIsNotAvailable();
$password = 'password';
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
- $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPW));
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
}
/**
$salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
$this->assertTrue($this->objectInstance->isValidSalt($salt));
- $saltedHashPW = $this->objectInstance->getHashedPassword($password, $salt);
- $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPW));
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
+ $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
}
/**
$password = 'password';
$maxHashCount = $this->objectInstance->getMaxHashCount();
$this->objectInstance->setHashCount($maxHashCount);
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
- $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPW));
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
// reset hashcount
$this->objectInstance->setHashCount(NULL);
}
$password = 'password';
$minHashCount = $this->objectInstance->getMinHashCount();
$this->objectInstance->setHashCount($minHashCount);
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
- $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPW));
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
// reset hashcount
$this->objectInstance->setHashCount(NULL);
}
/**
+ * Tests authentication procedure with alphabet characters.
+ *
+ * Checks if a "plain-text password" is everytime mapped to the
+ * same "salted password hash" when using the same salt.
+ *
* @test
*/
- public function authenticationWithValidPassword() {
+ public function authenticationWithValidAlphaCharClassPassword() {
$this->skipTestIfBlowfishIsNotAvailable();
- $password = 'password';
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
- $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPW));
+ $password = 'aEjOtY';
+
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
+ }
+
+ /**
+ * Tests authentication procedure with numeric characters.
+ *
+ * Checks if a "plain-text password" is everytime mapped to the
+ * same "salted password hash" when using the same salt.
+ *
+ * @test
+ */
+ public function authenticationWithValidNumericCharClassPassword() {
+ $this->skipTestIfBlowfishIsNotAvailable();
+
+ $password = '01369';
+
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
+ }
+
+ /**
+ * Tests authentication procedure with US-ASCII special characters.
+ *
+ * Checks if a "plain-text password" is everytime mapped to the
+ * same "salted password hash" when using the same salt.
+ *
+ * @test
+ */
+ public function authenticationWithValidAsciiSpecialCharClassPassword() {
+ $this->skipTestIfBlowfishIsNotAvailable();
+
+ $password = ' !"#$%&\'()*+,-./:;<=>?@[\]^_`{|}~';
+
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
+ }
+
+ /**
+ * Tests authentication procedure with latin1 special characters.
+ *
+ * Checks if a "plain-text password" is everytime mapped to the
+ * same "salted password hash" when using the same salt.
+ *
+ * @test
+ */
+ public function authenticationWithValidLatin1SpecialCharClassPassword() {
+ $this->skipTestIfBlowfishIsNotAvailable();
+
+ $password = '';
+ for ($i = 160; $i <= 191; $i++) {
+ $password .= chr($i);
+ }
+ $password .= chr(215) . chr(247);
+
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
+ }
+
+ /**
+ * Tests authentication procedure with latin1 umlauts.
+ *
+ * Checks if a "plain-text password" is everytime mapped to the
+ * same "salted password hash" when using the same salt.
+ *
+ * @test
+ */
+ public function authenticationWithValidLatin1UmlautCharClassPassword() {
+ $this->skipTestIfBlowfishIsNotAvailable();
+
+ $password = '';
+ for ($i = 192; $i <= 214; $i++) {
+ $password .= chr($i);
+ }
+ for ($i = 216; $i <= 246; $i++) {
+ $password .= chr($i);
+ }
+ for ($i = 248; $i <= 255; $i++) {
+ $password .= chr($i);
+ }
+
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
}
/**
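Review bot: The two Latin-1 tests added in this hunk (`authenticationWithValidLatin1SpecialCharClassPassword` and `authenticationWithValidLatin1UmlautCharClassPassword`) only hash a password and then verify the same bytes with the same object, so a back end that drops, masks or truncates bytes above 0x7F in a self-consistent way would still pass. Each would be stronger with a negative check against a neighbouring high-bit password, for example `$this->assertFalse($this->objectInstance->checkPassword(substr($password, 0, -1) . chr(160), $saltedHashPassword));` in the umlaut test, whose last byte is `chr(255)`. The passwords are also raw single-byte strings built with `chr()`, so the UTF-8 encoding of the same characters, presumably what a UTF-8 site would submit, is not exercised. The same applies to the identical tests added to the two other test classes further down in this diff.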
$password = 'password';
$password1 = $password . 'INVALID';
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
- $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPW));
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPassword));
}
/**
$password = '';
$criticalPwLength = 0;
// We're using a constant salt.
- $saltedHashPWPrevious = $saltedHashPWCurrent = $salt = $this->objectInstance->getHashedPassword($pad);
+ $saltedHashPasswordPrevious = $saltedHashPasswordCurrent = $salt = $this->objectInstance->getHashedPassword($pad);
for ($i = 0; $i <= 128; $i += 8) {
$password = str_repeat($pad, max($i, 1));
- $saltedHashPWPrevious = $saltedHashPWCurrent;
- $saltedHashPWCurrent = $this->objectInstance->getHashedPassword($password, $salt);
- if ($i > 0 && 0 == strcmp($saltedHashPWPrevious, $saltedHashPWCurrent)) {
+ $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
+ $saltedHashPasswordCurrent = $this->objectInstance->getHashedPassword($password, $salt);
+ if ($i > 0 && 0 == strcmp($saltedHashPasswordPrevious, $saltedHashPasswordCurrent)) {
$criticalPwLength = $i;
break;
}
$this->skipTestIfBlowfishIsNotAvailable();
$password = 'password';
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
- $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPW));
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
}
/**
*/
public function updateNecessityForIncreasedHashcount() {
$password = 'password';
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
$increasedHashCount = $this->objectInstance->getHashCount() + 1;
$this->objectInstance->setMaxHashCount($increasedHashCount);
$this->objectInstance->setHashCount($increasedHashCount);
- $this->assertTrue($this->objectInstance->isHashUpdateNeeded($saltedHashPW));
+ $this->assertTrue($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
// reset hashcount
$this->objectInstance->setHashCount(NULL);
}
$this->skipTestIfBlowfishIsNotAvailable();
$password = 'password';
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
$decreasedHashCount = $this->objectInstance->getHashCount() - 1;
$this->objectInstance->setMinHashCount($decreasedHashCount);
$this->objectInstance->setHashCount($decreasedHashCount);
- $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPW));
+ $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
// reset hashcount
$this->objectInstance->setHashCount(NULL);
}
*/
public function createdSaltedHashOfProperStructure() {
$password = 'password';
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
- $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPW), $this->getWarningWhenMethodUnavailable());
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword), $this->getWarningWhenMethodUnavailable());
}
/**
$salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
$this->assertTrue($this->objectInstance->isValidSalt($salt), $this->getWarningWhenMethodUnavailable());
- $saltedHashPW = $this->objectInstance->getHashedPassword($password, $salt);
- $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPW), $this->getWarningWhenMethodUnavailable());
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
+ $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword), $this->getWarningWhenMethodUnavailable());
}
/**
+ * Tests authentication procedure with alphabet characters.
+ *
+ * Checks if a "plain-text password" is everytime mapped to the
+ * same "salted password hash" when using the same salt.
+ *
* @test
*/
- public function authenticationWithValidPassword() {
- $password = 'password';
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
- $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPW), $this->getWarningWhenMethodUnavailable());
+ public function authenticationWithValidAlphaCharClassPassword() {
+ $password = 'aEjOtY';
+
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
+ }
+
+ /**
+ * Tests authentication procedure with numeric characters.
+ *
+ * Checks if a "plain-text password" is everytime mapped to the
+ * same "salted password hash" when using the same salt.
+ *
+ * @test
+ */
+ public function authenticationWithValidNumericCharClassPassword() {
+ $password = '01369';
+
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
+ }
+
+ /**
+ * Tests authentication procedure with US-ASCII special characters.
+ *
+ * Checks if a "plain-text password" is everytime mapped to the
+ * same "salted password hash" when using the same salt.
+ *
+ * @test
+ */
+ public function authenticationWithValidAsciiSpecialCharClassPassword() {
+ $password = ' !"#$%&\'()*+,-./:;<=>?@[\]^_`{|}~';
+
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
+ }
+
+ /**
+ * Tests authentication procedure with latin1 special characters.
+ *
+ * Checks if a "plain-text password" is everytime mapped to the
+ * same "salted password hash" when using the same salt.
+ *
+ * @test
+ */
+ public function authenticationWithValidLatin1SpecialCharClassPassword() {
+ $password = '';
+ for ($i = 160; $i <= 191; $i++) {
+ $password .= chr($i);
+ }
+ $password .= chr(215) . chr(247);
+
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
+ }
+
+ /**
+ * Tests authentication procedure with latin1 umlauts.
+ *
+ * Checks if a "plain-text password" is everytime mapped to the
+ * same "salted password hash" when using the same salt.
+ *
+ * @test
+ */
+ public function authenticationWithValidLatin1UmlautCharClassPassword() {
+ $password = '';
+ for ($i = 192; $i <= 214; $i++) {
+ $password .= chr($i);
+ }
+ for ($i = 216; $i <= 246; $i++) {
+ $password .= chr($i);
+ }
+ for ($i = 248; $i <= 255; $i++) {
+ $password .= chr($i);
+ }
+
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
}
/**
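Review bot: The docblock added to each of the five new tests says a plain-text password is "everytime mapped to the same salted password hash when using the same salt", but the test bodies never pass a salt; they call `getHashedPassword($password)` once and then `checkPassword()` on the result. What is verified is a hash-then-verify round trip, not determinism under a fixed salt. The description would be more accurate as `Checks that a hash created by getHashedPassword() for the password is accepted by checkPassword() for the same password.`, which also removes the "everytime" typo. The same docblock text is added in the other two test classes in this diff.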
public function authenticationWithNonValidPassword() {
$password = 'password';
$password1 = $password . 'INVALID';
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
- $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPW), $this->getWarningWhenMethodUnavailable());
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPassword), $this->getWarningWhenMethodUnavailable());
}
/**
$password = '';
$criticalPwLength = 0;
// We're using a constant salt.
- $saltedHashPWPrevious = $saltedHashPWCurrent = $salt = $this->objectInstance->getHashedPassword($pad);
+ $saltedHashPasswordPrevious = $saltedHashPasswordCurrent = $salt = $this->objectInstance->getHashedPassword($pad);
for ($i = 0; $i <= 128; $i += 8) {
$password = str_repeat($pad, max($i, 1));
- $saltedHashPWPrevious = $saltedHashPWCurrent;
- $saltedHashPWCurrent = $this->objectInstance->getHashedPassword($password, $salt);
- if ($i > 0 && 0 == strcmp($saltedHashPWPrevious, $saltedHashPWCurrent)) {
+ $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
+ $saltedHashPasswordCurrent = $this->objectInstance->getHashedPassword($password, $salt);
+ if ($i > 0 && 0 == strcmp($saltedHashPasswordPrevious, $saltedHashPasswordCurrent)) {
$criticalPwLength = $i;
break;
}
*/
public function noUpdateNecessityForMd5() {
$password = 'password';
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
- $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPW));
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
}
}
?>
\ No newline at end of file
*/
public function createdSaltedHashOfProperStructure() {
$password = 'password';
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
- $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPW));
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
}
/**
$salt = $this->objectInstance->base64Encode($randomBytes, $this->objectInstance->getSaltLength());
$this->assertTrue($this->objectInstance->isValidSalt($salt));
- $saltedHashPW = $this->objectInstance->getHashedPassword($password, $salt);
- $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPW));
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password, $salt);
+ $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
}
/**
$password = 'password';
$maxHashCount = $this->objectInstance->getMaxHashCount();
$this->objectInstance->setHashCount($maxHashCount);
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
- $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPW));
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
// reset hashcount
$this->objectInstance->setHashCount(NULL);
}
$password = 'password';
$minHashCount = $this->objectInstance->getMinHashCount();
$this->objectInstance->setHashCount($minHashCount);
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
- $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPW));
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->isValidSaltedPW($saltedHashPassword));
// reset hashcount
$this->objectInstance->setHashCount(NULL);
}
/**
+ * Tests authentication procedure with alphabet characters.
+ *
+ * Checks if a "plain-text password" is everytime mapped to the
+ * same "salted password hash" when using the same salt.
+ *
* @test
*/
- public function authenticationWithValidPassword() {
- $password = 'password';
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
- $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPW));
+ public function authenticationWithValidAlphaCharClassPassword() {
+ $password = 'aEjOtY';
+
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
+ }
+
+ /**
+ * Tests authentication procedure with numeric characters.
+ *
+ * Checks if a "plain-text password" is everytime mapped to the
+ * same "salted password hash" when using the same salt.
+ *
+ * @test
+ */
+ public function authenticationWithValidNumericCharClassPassword() {
+ $password = '01369';
+
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
+ }
+
+ /**
+ * Tests authentication procedure with US-ASCII special characters.
+ *
+ * Checks if a "plain-text password" is everytime mapped to the
+ * same "salted password hash" when using the same salt.
+ *
+ * @test
+ */
+ public function authenticationWithValidAsciiSpecialCharClassPassword() {
+ $password = ' !"#$%&\'()*+,-./:;<=>?@[\]^_`{|}~';
+
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
+ }
+
+ /**
+ * Tests authentication procedure with latin1 special characters.
+ *
+ * Checks if a "plain-text password" is everytime mapped to the
+ * same "salted password hash" when using the same salt.
+ *
+ * @test
+ */
+ public function authenticationWithValidLatin1SpecialCharClassPassword() {
+ $password = '';
+ for ($i = 160; $i <= 191; $i++) {
+ $password .= chr($i);
+ }
+ $password .= chr(215) . chr(247);
+
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
+ }
+
+ /**
+ * Tests authentication procedure with latin1 umlauts.
+ *
+ * Checks if a "plain-text password" is everytime mapped to the
+ * same "salted password hash" when using the same salt.
+ *
+ * @test
+ */
+ public function authenticationWithValidLatin1UmlautCharClassPassword() {
+ $password = '';
+ for ($i = 192; $i <= 214; $i++) {
+ $password .= chr($i);
+ }
+ for ($i = 216; $i <= 246; $i++) {
+ $password .= chr($i);
+ }
+ for ($i = 248; $i <= 255; $i++) {
+ $password .= chr($i);
+ }
+
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertTrue($this->objectInstance->checkPassword($password, $saltedHashPassword));
}
/**
public function authenticationWithNonValidPassword() {
$password = 'password';
$password1 = $password . 'INVALID';
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
- $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPW));
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertFalse($this->objectInstance->checkPassword($password1, $saltedHashPassword));
}
/**
$password = '';
$criticalPwLength = 0;
// We're using a constant salt.
- $saltedHashPWPrevious = $saltedHashPWCurrent = $salt = $this->objectInstance->getHashedPassword($pad);
+ $saltedHashPasswordPrevious = $saltedHashPasswordCurrent = $salt = $this->objectInstance->getHashedPassword($pad);
for ($i = 0; $i <= 128; $i += 8) {
$password = str_repeat($pad, max($i, 1));
- $saltedHashPWPrevious = $saltedHashPWCurrent;
- $saltedHashPWCurrent = $this->objectInstance->getHashedPassword($password, $salt);
- if ($i > 0 && 0 == strcmp($saltedHashPWPrevious, $saltedHashPWCurrent)) {
+ $saltedHashPasswordPrevious = $saltedHashPasswordCurrent;
+ $saltedHashPasswordCurrent = $this->objectInstance->getHashedPassword($password, $salt);
+ if ($i > 0 && 0 == strcmp($saltedHashPasswordPrevious, $saltedHashPasswordCurrent)) {
$criticalPwLength = $i;
break;
}
*/
public function updateNecessityForValidSaltedPassword() {
$password = 'password';
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
- $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPW));
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
+ $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
}
/**
*/
public function updateNecessityForIncreasedHashcount() {
$password = 'password';
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
$increasedHashCount = $this->objectInstance->getHashCount() + 1;
$this->objectInstance->setMaxHashCount($increasedHashCount);
$this->objectInstance->setHashCount($increasedHashCount);
- $this->assertTrue($this->objectInstance->isHashUpdateNeeded($saltedHashPW));
+ $this->assertTrue($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
// reset hashcount
$this->objectInstance->setHashCount(NULL);
}
*/
public function updateNecessityForDecreasedHashcount() {
$password = 'password';
- $saltedHashPW = $this->objectInstance->getHashedPassword($password);
+ $saltedHashPassword = $this->objectInstance->getHashedPassword($password);
$decreasedHashCount = $this->objectInstance->getHashCount() - 1;
$this->objectInstance->setMinHashCount($decreasedHashCount);
$this->objectInstance->setHashCount($decreasedHashCount);
- $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPW));
+ $this->assertFalse($this->objectInstance->isHashUpdateNeeded($saltedHashPassword));
// reset hashcount
$this->objectInstance->setHashCount(NULL);
}