cryptacular hard requirement

[ari]

Would you be able to make cryptacular a runtime only dependency? Some people (well, me) want to use passay to verify password strength but not to be involved in the actual hashing since we already have implementations for that.

Ideally that component might be pluggable for different hashing choices, but I just want to not use history checking at all. I don't want cryptacular in my classpath or build.

Thanks

[dfish3r]

I'll look over the source and see if a separate module makes sense.

In the meantime, why don't you exclude cryptacular in your pom?

[ari]

Good idea, but I didn't want it to break when it hits some dependency in the code.

At any rate, after more searching I found https://github.com/nulab/zxcvbn4j which might be closer to the narrower library I was looking for. Thanks anyhow, this library has some interesting ideas.

[skolson]

FYI I hit this too on an Android app. Had no need for Cryptacular anyway, and two different Cryptacular classes use the "group" function (with one String argument) in the java.util.regex.Matcher class that android doesn't support yet. Evidently Android supports this usage of the group function with Android O, which isn't out yet. This usage annoys Proguard.

Anyway, I used this in gradle to work around the issue since I don't want this library anyway:

configurations {
    all*.exclude group: 'org.cryptacular'
}

[dfish3r]

Cryptacular marked optional in cff7dbc