search

boughtonp / cfpassphrase

MOVED TO https://codeberg.org/boughtonp/cfpassphrase
https://www.sorcerersisle.com/software/cfpassphrase
GNU Lesser General Public License v3.0
17 stars 2 forks source link

Update jbcrypt to v0.4 #16

Closed boughtonp closed 3 years ago

JamoCA commented 9 years ago

I was reviewing this library for use with Adobe ColdFusion and noticed that the jBcrypt library needed to be upgraded as well.

boughtonp commented 9 years ago

The difference between jBcrypt 0.3 and 0.4 is a limit of 30 for log_rounds (down from 31) to prevent integer overflow - so it's ok to use the current version if you enforce this limit yourself.

I'll try to address this soon though.

JamoCA commented 9 years ago

Thanks for the quick response (and for this consolidated library.)

What about scrypt? Which version is used? 1.1.6? If so, it looks like a fair amount of updates were pushed for the 1.2.0 update on 7/30/2015. https://github.com/Tarsnap/scrypt/compare/1.1.6...master

boughtonp commented 9 years ago

It's the Java implementation of scrypt, and yeah I think that's still equivalent to 1.1.6

I've added issue #17 to check this out, as I suspect it may involve more effort than upgrading jBcrypt will.

boughtonp commented 3 years ago

Release of cfPassphrase v0.2 includes jBCrypt 0.4