[TriLUG] Debian upgrade broke authentication

Wes Garrison via TriLUG trilug at trilug.org
Sat Dec 25 15:54:11 EST 2021


I need some Christmas help.

I decided to use the opportunity of being closed for 2 days to upgrade our
production Debian server from 10/Buster to 11/Bullseye.

I tested on a development server first, and everything seemed to work fine.

On production, of course, it doesn't.

We use Perl and the bcrypt library to hash passwords, and bcrypt now
complains that the "salt must be exactly sixteen octets long" when
retrieving the salt from MariaDB and trying to log in.

When creating a new user and generating a new 16 character/16 byte salt,
MariaDB complains with:
Incorrect string value: '\\x8E\\x05#\\xAB\\x18:...' for column
`users`.`salt`

This seems to be a problem with either the way MariaDB is storing values,
or the way Perl's DBI is storing/retrieving values.  I can't tell which.

For what it's worth, the users table uses `latin1` encoding, but changing
it to utf8 or utf8mb4 doesn't seem to help.

I wrote a test script that shows that I am generating correct salts that
are 16 characters and 16 bytes, but either DBI or MariaDB is rejecting it.
It also shows that salts retrieved from MariaDB are ~25 characters and 25
bytes, whether the table is latin1 or utf8mb4.  If I add

mysql_enable_utf8mb4=1

...to my DBI connection, the retrieved salt shows 16 characters but 25
bytes.

The result is no one can log in or create a new account, which is a Bad
Thing.

I'm stumped.  Any ideas would be most appreciated.

-Wes
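The symptoms in the post (a 16-octet salt that comes back as roughly 25 bytes, and an "Incorrect string value" rejection on insert) are what you get when raw binary salt bytes pass through a text column or a text-aware driver: each octet 0x80 and above is re-encoded as a two-byte UTF-8 sequence, so 16 random octets grow to about 24 bytes. The script below is an added illustration, not code from the original post, and it only models that assumed mechanism in Python rather than touching MariaDB or Perl's DBI. It reproduces bcrypt's sixteen-octet check, shows the inflation on a constructed sample salt (the first six bytes copied from the value quoted in the post, the other ten made up), shows how such an inflated value can be recovered if that is indeed what happened, and shows the hex encoding that keeps a salt charset-proof in a VARCHAR column.

```python
import os

SALT_LEN = 16  # bcrypt's precondition: exactly sixteen octets

# Constructed sample salt: the six leading octets match the value quoted in the
# post ("\x8E\x05#\xAB\x18:"); the remaining ten are invented here to reach 16.
SAMPLE_SALT = bytes.fromhex("8e0523ab183a") + b"\x00\x7f\x80\xff\x41\x42\xc3\xa9\x10\x20"


def check_salt(salt: bytes) -> bytes:
    """Mirror the library's check: raise unless the salt is exactly 16 octets."""
    if not isinstance(salt, bytes) or len(salt) != SALT_LEN:
        raise ValueError(
            f"salt must be exactly sixteen octets long, got {len(salt)}"
        )
    return salt


def model_text_roundtrip(salt: bytes) -> bytes:
    """Assumed failure mode: the raw octets are treated as latin1 text and then
    re-encoded as UTF-8. Every octet >= 0x80 becomes two bytes, so a 16-octet
    salt comes back as anything from 16 to 32 bytes (about 24 for random data)."""
    return salt.decode("latin-1").encode("utf-8")


def undo_text_roundtrip(stored: bytes) -> bytes:
    """Recover the original octets, but only if the stored value really is the
    UTF-8 form of a latin1 decode; anything else is rejected rather than guessed."""
    try:
        original = stored.decode("utf-8").encode("latin-1")
    except UnicodeError as exc:
        raise ValueError("stored value is not a latin1->utf8 inflated salt") from exc
    return check_salt(original)


def encode_for_text_column(salt: bytes) -> str:
    """Charset-proof storage in a VARCHAR column: hex is pure ASCII, so neither
    latin1 nor utf8mb4 handling can change it (32 characters for 16 octets)."""
    return check_salt(salt).hex()


def decode_from_text_column(value: str) -> bytes:
    """Inverse of encode_for_text_column, re-validated before use."""
    return check_salt(bytes.fromhex(value))


def new_salt() -> bytes:
    """Fresh salt from the OS CSPRNG, already the right length."""
    return os.urandom(SALT_LEN)


if __name__ == "__main__":
    inflated = model_text_roundtrip(SAMPLE_SALT)
    print("original octets :", len(SAMPLE_SALT))
    print("after text trip :", len(inflated))
    try:
        check_salt(inflated)
    except ValueError as err:
        print("bcrypt-style check says:", err)
    print("recovered ok    :", undo_text_roundtrip(inflated) == SAMPLE_SALT)
    stored = encode_for_text_column(SAMPLE_SALT)
    print("hex in column   :", stored)
    print("hex round trip  :", decode_from_text_column(stored) == SAMPLE_SALT)
```

The recovery path is only a diagnostic: if `undo_text_roundtrip` turns the stored 25-byte values back into 16 octets, the stored data was inflated by a latin1-to-UTF-8 pass somewhere between Perl and the table, and existing rows can be repaired once. For new data, either store the salt as hex (or base64) in the text column as above, or declare the column `BINARY(16)`/`VARBINARY(16)` and bind it as binary so no character-set conversion is applied at all.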

