Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check BCrypt hashed value of a byte array #7661

Closed
rafahop opened this issue Nov 20, 2019 · 0 comments · Fixed by #7662
Closed

Check BCrypt hashed value of a byte array #7661

rafahop opened this issue Nov 20, 2019 · 0 comments · Fixed by #7662
Assignees
@eleftherias
Labels
in: crypto An issue in spring-security-crypto type: enhancement A general enhancement
Milestone
5.3.0.M1

Comments

@rafahop
Copy link
Contributor

rafahop commented Nov 20, 2019

Summary

Since 5.2.0.RELEASE (388a7b6) BCrypt offers an overloaded hashpw method to hash a byte array. However there is no checkpw equivalent to check wether a byte array matches a previously hashed string.

If hashing a byte[], we are forced to wrap it into a String when calling the existing checkpw and this does not necessarily returns the correct result:

byte[] pw = new byte[] { -5 };
assertThat(BCrypt.checkpw(new String(pw), BCrypt.hashpw(pw, BCrypt.gensalt()))).isTrue();
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Nov 20, 2019
@rafahop rafahop mentioned this issue Nov 20, 2019
Merged
@eleftherias eleftherias self-assigned this Nov 29, 2019
@eleftherias eleftherias added in: crypto An issue in spring-security-crypto type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Nov 29, 2019
@rafahop rafahop mentioned this issue Dec 9, 2019
Closed
eleftherias pushed a commit that referenced this issue Dec 13, 2019
@rafahop @eleftherias
Check hashes of byte array passwords
65f5c29 
Fixes gh-7661
@eleftherias eleftherias added this to the 5.3.0.M1 milestone Dec 13, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eleftherias eleftherias

Labels
in: crypto An issue in spring-security-crypto type: enhancement A general enhancement
Projects
None yet
Milestone
5.3.0.M1
Development

Successfully merging a pull request may close this issue.

Check BCrypt hashes of byte array passwords
3 participants
@eleftherias @rafahop @spring-projects-issues