-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Argon2 v10 fix #56
Argon2 v10 fix #56
Conversation
…es to version 1.0
…ike they were version 1.0
Just remembered it might be a good idea to also mention this in the documentation of |
Sorry for taking a long time to respond to this. I hope to get to this in a few days. |
No rush, this isn't a pressing fix 👌 |
password/src/Data/Password/Argon2.hs
Outdated
let ps = T.split (== ',') params | ||
guard $ Prelude.length ps == 3 | ||
go ps (Nothing, Nothing, Nothing) | ||
parseAll argon2Variant argon2Version parametersT salt64 hashedKey64 = do |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a nitpick, but I felt like I wanted a type signature on this function. I thought it might be a little easier to see exactly what it is doing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
parseAll :: Argon2.Variant -> Argon2.Version -> Text -> Text -> Text -> Maybe (Argon2Params, Salt Argon2, ByteString)
Sure, I'll add this in before I merge it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This LGTM!
Aims to fix #54
Argon2 hash without a version part will be interpreted as having been hashed with version 1.0 (
v=16
)Not so much a "bug", especially since almost all usages of Argon2 are generally version 1.3, but it's a small effort to also accept hashes without a version part.