Frost Jedi

Skip to content

Problems with passwords that contain special characters

Get help with using the PHP Secure Communications Library.

Moderator: Nuxius

Forum rules
The purpose of this forum is to provide support for phpseclib, a pure PHP SSH / SFTP / RSA library.

Posts by new users are held in a moderation queue and are not publicly visible until the post is approved.
Post a reply

Problems with passwords that contain special characters

Postby gruberroland » Thu May 19, 2011 6:13 pm

Hi,

first of all thanks for this great project. :)

I use 0.2.2 and the password authentication works fine when using passwords that contain ASCII characters but I have problems with non-ASCII ones. E.g. UTF-8 with German umlauts (äöüß). SSHD rejects the login because of wrong password.
Since the same password string can be used for ldap_login() this seems to be a problem somewhere in phpseclib (encoding?).

Any idea what may cause this and how to fix it?

Thanks in advance for your help.
gruberroland
Traveler
 
Posts: 5
Joined: Sun May 09, 2010 3:07 pm
Top

Re: Problems with passwords that contain special characters

Postby TerraFrost » Sun May 29, 2011 2:46 pm

I apologize for the delay - I've been busy moving into a new apartment and have had intermittent net access during the move.

Anyway, I've made some updates that'll accomodate this. To send passwords with special characters you'll need to save the PHP script with UTF-8 encoding without a BOM. Without a BOM a subsequent attempt to open the file will potentially make "äöüß" look like "äöüß". That's because UTF-8 is a variable-byte encoding scheme;. Some characters use one byte - others use multiple bytes.
TerraFrost
Legendary Guard
 
Posts: 12216
Joined: Wed Dec 04, 2002 6:37 am
Top

Re: Problems with passwords that contain special characters

Postby gruberroland » Tue May 31, 2011 4:31 pm

The password is not stored inside a PHP script but comes via POST from an UTF-8 encoded page. I am pretty sure that the password is correct UTF-8. I can login via SSH when I remove the "utf8_encode()" in SSH2.php, line 1341.
The problem is that utf8_encode() expects a ISO-8859-1 String and then converts it to UTF-8. But if the input is already UTF-8 then it destroys special characters.

Unfortunately, I cannot just convert the password to ISO-8859-1 before because this is not possible when it contains special characters that are missing in ISO-8859-1.
gruberroland
Traveler
 
Posts: 5
Joined: Sun May 09, 2010 3:07 pm
Top

Re: Problems with passwords that contain special characters

Postby TerraFrost » Fri Jun 03, 2011 8:30 pm

The latest SVN removes utf8_encode() and having the page encoded as UTF-8 should mean that any passwords sent over are in UTF-8 as well. eg.

Code: Select all
<?php
echo strlen($_GET['test']);
?>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<form action="" method="get">
<input type="text" name="test" value="" /><br />
<input type="submit" value="Submit" />
</form>

Enter "äöüß" and you get 8 for that. Remove the meta tag and do the same thing and you get 4.
TerraFrost
Legendary Guard
 
Posts: 12216
Joined: Wed Dec 04, 2002 6:37 am
Top

Re: Problems with passwords that contain special characters

Postby gruberroland » Sun Jun 05, 2011 6:41 pm

Great, thank you very much. :)
gruberroland
Traveler
 
Posts: 5
Joined: Sun May 09, 2010 3:07 pm
Top
Post a reply

Return to phpseclib support

Who is online

Users browsing this forum: No registered users and 2 guests

Powered by phpBB® Forum Software © phpBB Group
cron