New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update blowfish imprementation to latest version #182
Conversation
build was timing out on rbx-3 while installing gems, it seems this did the trick |
@tjschuck @tenderlove any chance someone will look at this? (Not sure if there are any active maintainers on the repo) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@fonica Thank you — this is excellent! I've been waiting for those JRuby changes to land in Spring for a while, so I'm glad to see it finally happened!
These were deleted in #182, but are a part of the Openwall test vectors. They’re important because they’re actually making the string longer than 72 characters, which is the test that the vector is going for.
These were deleted in #182, but are a part of the Openwall test vectors. They’re important because they’re actually making the string longer than 72 characters, which is the test that the vector is going for.
👏 👏 |
These were deleted in #182, but are a part of the Openwall test vectors. They’re important because they’re actually making the string longer than 72 characters, which is the test that the vector is going for.
These were deleted in #182, but are a part of the Openwall test vectors. They’re important because they’re actually making the string longer than 72 characters, which is the test that the vector is going for.
These were deleted in #182, but are a part of the Openwall test vectors. They’re important because they’re actually making the string longer than 72 characters, which is the test that the vector is going for.
@fonica would this fix make it so that secrets hashed with older gem versions produce a different hash than the one produced by this new, fixed version in some cases? If so, how common would those cases be do you think? |
Changes:
lib/bcrypt/engine.rb
to pass the secret as java bytes; it seems jruby messes up the encoding for certain bytes if the secret is passed as a string.This should help close some old PRs and issues addressing this problem. The main one I think is PR #91