Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verifier always return Result with wrong version #24

Closed
hex-agon opened this issue Oct 20, 2019 · 1 comment
Closed

Verifier always return Result with wrong version #24

hex-agon opened this issue Oct 20, 2019 · 1 comment
Assignees
@patrickfav
Labels
bug Something isn't working
Milestone
v0.9.0

Comments

@hex-agon
Copy link

hex-agon commented Oct 20, 2019
edited
Loading

Whenever you verify a hash the returned in the result is always $2a$:

Sample case:

Hasher hasher = BCrypt.with(Version.VERSION_2B);
long start = System.currentTimeMillis();
System.out.println("start");
byte[] hash = hasher.hash(12, "abc321".getBytes(StandardCharsets.UTF_8));
System.out.println("end");
System.out.println("Took " + (System.currentTimeMillis() - start) + "ms");

Verifyer verifier = BCrypt.verifyer();

start = System.currentTimeMillis();
System.out.println("start");
System.out.println(verifier.verifyStrict("abc321".getBytes(StandardCharsets.UTF_8), hash, Version.VERSION_2B));
System.out.println("end");
System.out.println("Took " + (System.currentTimeMillis() - start) + "ms");

Output:

start
end
Took 375ms
start
Result{details=HashData{cost=12, version=$2a$, rawSalt=63307d3ec2480e8b1840095fc8ce0d06, rawHash=77ce9567471ac1e2d1600a1219d26c9b5f67915df519c1}, validFormat=true, verified=true, formatErrorMessage='null'}
end
Took 305ms

This happens with both verify and verifyStrict.

As far as i could pinpoint, both functions end up calling this method which completely ignores the requested hash version and ends up using BCrypt.withDefaults().

Even though this seems to have no effect in the verification result it is an issue that can be fixed quickly.
@patrickfav patrickfav self-assigned this Oct 20, 2019
@patrickfav patrickfav added the bug Something isn't working label Oct 20, 2019
@patrickfav patrickfav added this to the v0.9.0 milestone Oct 20, 2019
patrickfav added a commit that referenced this issue Oct 20, 2019
@patrickfav
Fix not returning correct hash version when verifying
c2f0f26 
[Breaking API Change]

refs #24
@patrickfav patrickfav mentioned this issue Oct 20, 2019
Merged
@patrickfav
Copy link
Owner

patrickfav commented Oct 20, 2019
edited
Loading

Will be released with v0.9.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@patrickfav patrickfav

Labels
bug Something isn't working
Projects
None yet
Milestone
v0.9.0
Development

No branches or pull requests
2 participants
@patrickfav @hex-agon