From f9fad8adaa6b72c35183afbfefc7c6a336720877 Mon Sep 17 00:00:00 2001
From: Steve Thomas <Sc00bz@users.noreply.github.com>
Date: Tue, 16 Jul 2019 14:48:57 -0500
Subject: [PATCH] Added bug collisions to bcrypt

Signed char bug: $2y$ is using the correct code. The $2x$ (the old $2a$) extended the sign bit of a character on top of at most the 3 characters before it (4 byte boundary).

Null char bug: nothing after the first null character is used. This breaks when using prehashed bcrypt with raw output.
---
 bcrypt.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/bcrypt.md b/bcrypt.md
index 2982e21..d52479d 100644
--- a/bcrypt.md
+++ b/bcrypt.md
@@ -2,4 +2,15 @@
 12345678901234567890123456789012345678901234567890123456789012345678901234567890
 123456789012345678901234567890123456789012345678901234567890123456789012
 123456789012345678901234567890123456789012345678901234567890123456789012abcdef
+
+$2x$05$lPSRXpG1jAGo.aU0MGocPeJYKJPPRxPtEnguhOSPPlGPqXJEZ6tyu:\x61\xc2\xb1
+$2x$05$lPSRXpG1jAGo.aU0MGocPeJYKJPPRxPtEnguhOSPPlGPqXJEZ6tyu:\x62\xc2\xb1
+$2x$05$lPSRXpG1jAGo.aU0MGocPeJYKJPPRxPtEnguhOSPPlGPqXJEZ6tyu:\xff\xff\xb1
+$2y$05$lPSRXpG1jAGo.aU0MGocPeJYKJPPRxPtEnguhOSPPlGPqXJEZ6tyu:\xff\xff\xb1
+
+password\0abcdef
+password
+
+bcrypt(md5("168", true)) == bcrypt(md5("363", true))
+bcrypt(hash('sha256', "286", true)) == bcrypt(hash('sha256', "671", true))
 ```