JsCommunity / hashy

Hash passwords the right way (Argon2 & bcrypt support)
MIT License

Invalid handling of pwds longer than 72 chars with Blowfish #1

Open julien-f opened 8 years ago

julien-f commented 8 years ago

Blowfish ignores characters after the 72nd, which can cause some issues.

Actual (invalid) behavior:

> hashy <72 'x'>
<hashed password>
> hashy <72 'x' + anything> <hashed password>
ok

Expected behavior:

> hashy <72 'x' + anything> <hashed password>
not ok
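
The truncation reported above, with two possible guards, as an added example that is not part of the issue or of hashy's code. It models bcrypt's input handling (only the first 72 bytes of the UTF-8 encoding are used) instead of calling a bcrypt library, and all function names are hypothetical.

```javascript
const { createHash } = require('node:crypto');

const BCRYPT_MAX_BYTES = 72; // bcrypt reads at most 72 bytes of key material

// Model (assumption): the bytes bcrypt consumes are the first 72 bytes of
// the UTF-8 encoding; anything after that is silently dropped.
function bcryptEffectiveInput(password) {
  return Buffer.from(password, 'utf8').subarray(0, BCRYPT_MAX_BYTES);
}

// True when two different passwords would verify against the same hash.
function collidesUnderBcrypt(a, b) {
  return a !== b && bcryptEffectiveInput(a).equals(bcryptEffectiveInput(b));
}

// Guard 1: refuse input that would be truncated. The limit is counted in
// bytes, so multi-byte characters reach it before 72 characters.
function assertFitsBcrypt(password) {
  const bytes = Buffer.byteLength(password, 'utf8');
  if (bytes > BCRYPT_MAX_BYTES) {
    throw new RangeError(
      `password is ${bytes} bytes; bcrypt uses only ${BCRYPT_MAX_BYTES}`);
  }
  return password;
}

// Guard 2: pre-hash so every byte of the password influences what bcrypt
// sees. Base64 gives 44 ASCII characters and avoids raw NUL bytes, which
// some bcrypt implementations treat as end of input.
function prehashForBcrypt(password) {
  return createHash('sha256').update(password, 'utf8').digest('base64');
}

// Constructed sample input mirroring the issue: 72 'x' plus a suffix.
const base = 'x'.repeat(72);
const longer = base + 'anything';
console.log('collide when passed directly:', collidesUnderBcrypt(base, longer));
console.log('collide after pre-hash:',
  collidesUnderBcrypt(prehashForBcrypt(base), prehashForBcrypt(longer)));
```

Pre-hashing changes the stored hash format, so existing hashes need a migration path (for example, rehash on next successful login).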