Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
x/crypto/bcrypt: new prefix #5814
In 2011, was discovered a bug related to the sign extension bug, so nex versions of OpenBSD's bcrypt added support for the "$2y$" prefix (which guarantees correct handling of both 7- and 8-bit characters as in OpenBSD's "$2a$") and a countermeasure to avoid one-correct to many-buggy hash collisions with the "$2a$" prefix. http://www.openwall.com/lists/announce/2011/07/17/1 I don't know whether the Go code also has this issue. But in whatever case it should also support the "$2ay$" prefix.
referenced this issue
Jun 3, 2015
Golang's bcrypt doesn't distinguish between minor versions ("a","b","y", or any other single letter), just the major version (https://github.com/golang/crypto/blob/master/bcrypt/bcrypt.go#L260)
It happily treats all of them the same. It's probably safe to close this ticket.