Closed nicraMarcin closed 4 years ago
int validityCode = argon2id_verify(argon2string, pwd, sizeof(pwd)); // <-- 'password' string
sizeof(pwd)
is the size of a pointer, i.e., typically 8 bytes. You're effectively only checking the first 8 bytes of passwords.
The fix would look like int validityCode = argon2id_verify(argon2string, pwd, plainPassword->size());
@sneves Yes, correct, this is pointer :) :+1:
I have also generated hash from 8 first characters :)
argon2id_hash_encoded(2, 1<<16, 2, plainPassword->c_str(), sizeof(plainPassword->c_str()), salt, sizeof(salt), 32, encoded, std::size(encoded));
Hello, I have strange problem with verify password. I generated argon2 string with password
password
. Now when I verify it I got OK if password isnt the same but beginning of string matches to password. For example. encoded password =password
verification:I have notice, that only 8 first characters are chcecked in password. I genereated
verylongpasswordfortest
and when I inputverylong
text password is still ok, but when I input 7 characters password is incorrectmy code: method for encoding password
method for verify password
Now I test it an in my log:
What I'm doing wrong?
argon2 tests