New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Incompatible update for blowfish crypt module #176

Merged
merged 1 commit into from Mar 6, 2016

Conversation

Projects
None yet
2 participants
@qykth-git
Contributor

qykth-git commented Mar 6, 2016

Change bcrypt default algorithm to $2b$

$2a$ is vulnerable. Don't use for new code. It's incompatible update from previous version.

Change bcrypt default algorithm to "$2b$"
"$2a$" is vulnerable. Don't use for new code.
It's incompatible update from previous version.

If you really wants "$2a$" algorithm for "bcryot-hashpw", make your own
setting string from "bcrypt-gensalt" that applies "$2a$" for ":prefix" keyword.

shirok added a commit that referenced this pull request Mar 6, 2016

Merge pull request #176 from qykth-git/bcrypt
Incompatible update for blowfish crypt module

@shirok shirok merged commit 89c2048 into shirok:master Mar 6, 2016

@shirok

This comment has been minimized.

Show comment
Hide comment
@shirok

shirok Mar 6, 2016

Owner

Thanks.

Owner

shirok commented Mar 6, 2016

Thanks.

@shirok

This comment has been minimized.

Show comment
Hide comment
@shirok

shirok Mar 6, 2016

Owner

I don't think the incompatibility causes any problem---the code should agnostic about the default algorithm used.

Owner

shirok commented Mar 6, 2016

I don't think the incompatibility causes any problem---the code should agnostic about the default algorithm used.

@qykth-git qykth-git deleted the qykth-git:bcrypt branch Mar 9, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment