Adds a new password encryption scheme bcrypt0, which is like bcrypt,
but null-terminating the password. This ensures that repetitive
passwords ("abcabc") cannot be shortened to their base
pattern ("abc"). This is also the recommended approach for an ASCII
password, per
https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node4.html
Before, we used plain bcrypt by default, which expands the given
password by repeating. This made "abc" work as password for "abcabc".
For passwords with a decent amount of entropy, this should not make a
difference for practical security, so we are not invalidating existing
passwords by forcing everyone onto 'bcrypt0'.
Thanks to Guillame Chauvel <guillame.chauvel@gmail.com> for
discovering and analyzing this bug.
Bug: Issue 12439
Change-Id: I472c66acf085c95b79cdf91f8e9e5779267b96a5
3d8dc0f7e6