Skip to content

Check BCrypt hashed value of a byte array  #7661

New issue
New issue
Closed
#7662
Closed
Check BCrypt hashed value of a byte array #7661
#7662
Assignees
eleftherias
Labels
in: cryptoAn issue in spring-security-cryptotype: enhancementA general enhancement
Milestone
 
5.3.0.M1
@rafahop

Description

@rafahop
rafahop
opened on Nov 20, 2019

Summary

Since 5.2.0.RELEASE (388a7b6) BCrypt offers an overloaded hashpw method to hash a byte array. However there is no checkpw equivalent to check wether a byte array matches a previously hashed string.

If hashing a byte[], we are forced to wrap it into a String when calling the existing checkpw and this does not necessarily returns the correct result:

byte[] pw = new byte[] { -5 };
assertThat(BCrypt.checkpw(new String(pw), BCrypt.hashpw(pw, BCrypt.gensalt()))).isTrue();

Metadata

Metadata

Assignees

Labels

in: cryptoAn issue in spring-security-cryptotype: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions