Incompatible update for blowfish crypt module #176

Merged
merged 1 commit into from Mar 6, 2016

Projects

None yet

2 participants

@qykth-git
Contributor

Change bcrypt default algorithm to $2b$

$2a$ is vulnerable. Don't use for new code. It's incompatible update from previous version.

@qykth-git qykth-git Change bcrypt default algorithm to "$2b$"
"$2a$" is vulnerable. Don't use for new code.
It's incompatible update from previous version.

If you really wants "$2a$" algorithm for "bcryot-hashpw", make your own
setting string from "bcrypt-gensalt" that applies "$2a$" for ":prefix" keyword.
c143083
@shirok shirok merged commit 89c2048 into shirok:master Mar 6, 2016
@shirok
Owner
shirok commented Mar 6, 2016

Thanks.

@shirok
Owner
shirok commented Mar 6, 2016

I don't think the incompatibility causes any problem---the code should agnostic about the default algorithm used.

@qykth-git qykth-git deleted the qykth-git:bcrypt branch Mar 9, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment