This PR improves the bcrypt example by using the DefaultCost constant (which is currently 10 and the recommended value instead of the previously used 8) and by allowing password which are longer than 72 characters.
Bcrypt truncates the plaintext input at 72 characters, so passwords which are longer than that, are not recognized as different inputs. By hashing the input first to a fixed size (and removing possible NULL bytes) an arbitrary long input is possible.
SimonWaldherr
commented
7 years ago
This PR improves the bcrypt example by using the
DefaultCostconstant (which is currently 10 and the recommended value instead of the previously used 8) and by allowing password which are longer than 72 characters.Bcrypt truncates the plaintext input at 72 characters, so passwords which are longer than that, are not recognized as different inputs. By hashing the input first to a fixed size (and removing possible NULL bytes) an arbitrary long input is possible.