[v3 dev] needsRehash always returns true #38
Comments
Oh no, how did I mess that up? Will fix in 2.1 immediately.
Hmm, what version are you running?

```php
public function testRehash()
{
    $key = new EncryptionKey(\str_repeat('A', 32));
    $legacyHash = '3142010064c0c42347b248372d9605621bd6e56e6ace8d2c6f6a3cf3d1a37a40' .
        '3f031b5be025f00763a92ffb47281065419663e972b1a8faa08ae34bd9fdb35b2ca7727f41' .
        'ca8edc75293d8f3bf12604ff4188d71473b605d48d1e378388465c6e4c733cae5f89802ebb' .
        '79ec6532b430a4799e545956113f116fa705e3ed2d7b17bb6dbf435f36a0f50dcb541adb82' .
        'a83f6d01ae66b2f4d46540161ba6cc37dbd0e870aed8334cb71f8162a9e7e7974396bdb1bc' .
        '4da5099423820b870e39a3ffe5';
    $this->assertTrue(Password::needsRehash($legacyHash, $key));
    $hash = Password::hash('test password', $key);
    $this->assertFalse(Password::needsRehash($hash, $key));
}
```

This test is passing.
Oh, I see. You're using the
I am on master, I am binding one of my libraries to your upcoming version 3.
I won't use the API in production until version 3 is released. But since you checked all your boxes for version 3, I thought why bind to version 2 when version 3 is almost there. I think it is a good idea to include a test for
It's caused by the change from hex encoding to base64urlsafe. I'm working on the fix right now.
Ah, I'm sorry that checklist caused confusion. We implemented the brainstormed list items, but the milestone hasn't been laid out quite yet. The changes I did make might not even be final (for example, we might only use Version 2.x will continue to be maintained until CMS Airship v1 is EOL'd (slightly under three years). If you're shipping software that requires Halite, you'll probably be better off using 2.1 since it's already available. Version 3's main benefits as laid out are:
None of these are a security advantage over version 2, and the
@paragonie-scott Thanks for clearing this. I will switch to version 2 then. Thanks for the great library!
66bef16 fixed this, thanks for reporting it :)
I would assume that when I generate a new hash with `Password::hash` that `needsRehash` would return false on the generated hash. But as so it seems, it always returns true.
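
An added illustration, not Halite's code and not part of the thread, of how a change from hex to base64url encoding can make a version check report every hash as stale. It assumes a 4-byte version header at the start of the stored value; `CURRENT_HEADER` and all function names are hypothetical, and the legacy header bytes are taken from the `31420100` prefix of the test hash above.

```php
<?php
declare(strict_types=1);

// Assumed 4-byte version header for the current format (illustrative value only).
const CURRENT_HEADER = "\x31\x42\x03\x00";

function b64uEncode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64uDecode(string $encoded): ?string
{
    // Reject anything outside the base64url alphabet before decoding.
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $encoded)) {
        return null;
    }
    $raw = base64_decode(strtr($encoded, '-_', '+/'), true);
    return $raw === false ? null : $raw;
}

// Mismatched check: still expects the hex form of the header at the start of
// the stored string, so a base64url-encoded hash never matches it.
function needsRehashMismatched(string $stored): bool
{
    return !hash_equals(bin2hex(CURRENT_HEADER), substr($stored, 0, 8));
}

// Consistent check: decode with the encoding the hasher writes, then compare
// raw header bytes. Undecodable or short input is treated as needing a rehash.
function needsRehashConsistent(string $stored): bool
{
    $raw = b64uDecode($stored);
    if ($raw === null || strlen($raw) < 4) {
        return true;
    }
    return !hash_equals(CURRENT_HEADER, substr($raw, 0, 4));
}

// Constructed sample values: a header plus random bytes standing in for ciphertext.
$fresh  = b64uEncode(CURRENT_HEADER . random_bytes(60));
$legacy = bin2hex("\x31\x42\x01\x00" . random_bytes(60));

var_dump(needsRehashMismatched($fresh));  // fresh hash, mismatched check
var_dump(needsRehashConsistent($fresh));  // fresh hash, consistent check
var_dump(needsRehashConsistent($legacy)); // legacy hex hash, consistent check
```

A round-trip assertion like the `assertFalse` in the test posted above is the regression check that catches this class of bug whenever the storage encoding changes.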