Fix bug where non-salts compared to true.
The Compare functions were taking any data in without validating it as acceptable input. This means that a "hash" could have been invalid. Instead of checking this in advance, the code just pushed forward with hashing and didn't look back. This would result in behavior where a password of ':' would compare positively to a hash of 'blarp'. Now, the C++ code just makes sure to validate that the hash is at least a correctly formatted salt before continuing on. This doesn't give away any special properties of the salt itself so it shouldn't be an issue in terms of security.

Signed-off-by: Nick Campbell <firstname.lastname@example.org>
Showing with 36 additions and 6 deletions.
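
The kind of check the commit message describes, as an added example that is not the commit's own code: validate that the stored value begins with a well-formed salt and fail closed before the hashing primitive ever runs. All names here (`valid_bcrypt_salt`, `compare_guarded`, `HashFn`, `echo_hasher`) are hypothetical, and the salt layout checked is the standard bcrypt one (`$2`, optional minor letter, two-digit cost, 22 salt characters), which is assumed because the page does not spell it out.

```cpp
#include <cstdio>
#include <functional>
#include <string>

// bcrypt's salt alphabet: '.', '/', 0-9, A-Z, a-z.
static bool is_b64(char c) {
    return c == '.' || c == '/' || (c >= '0' && c <= '9') ||
           (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
}

// True when s starts with "$2$" or "$2<minor>$", a two-digit cost, '$',
// and 22 salt characters. Anything after that prefix is not inspected.
bool valid_bcrypt_salt(const std::string& s) {
    size_t i = 0;
    if (s.size() < 3 || s[i++] != '$' || s[i++] != '2') return false;
    if (s[i] != '$') {                       // optional minor revision letter
        if (s[i] < 'a' || s[i] > 'z') return false;
        ++i;
    }
    if (i >= s.size() || s[i++] != '$') return false;
    if (s.size() < i + 3 + 22) return false; // cost, '$' and salt must all fit
    if (s[i] < '0' || s[i] > '9' || s[i + 1] < '0' || s[i + 1] > '9' ||
        s[i + 2] != '$') return false;
    i += 3;
    for (size_t k = 0; k < 22; ++k)
        if (!is_b64(s[i + k])) return false;
    return true;
}

// Hypothetical signature for the hashing primitive: (password, salt) -> hash.
using HashFn = std::function<std::string(const std::string&, const std::string&)>;

// Compare that rejects malformed stored values before hashing anything.
bool compare_guarded(const std::string& pw, const std::string& hash, const HashFn& h) {
    if (!valid_bcrypt_salt(hash)) return false;          // fail closed
    const std::string out = h(pw, hash);
    if (out.size() != hash.size()) return false;
    unsigned char diff = 0;                              // no early exit on mismatch
    for (size_t i = 0; i < out.size(); ++i)
        diff |= static_cast<unsigned char>(out[i] ^ hash[i]);
    return diff == 0;
}

// Constructed stand-in so the block runs without a bcrypt library; it only
// counts calls and echoes its salt argument. A real primitive recomputes the hash.
static int primitive_calls = 0;
static std::string echo_hasher(const std::string&, const std::string& salt) {
    ++primitive_calls; return salt;
}

int main() {
    std::printf("':' vs 'blarp' -> %d\n", compare_guarded(":", "blarp", echo_hasher));
    std::printf("primitive calls -> %d\n", primitive_calls);
    return 0;
}
```
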