Closed ayamada closed 9 years ago
Hi @ayamada
buddy 0.2.3 has a bug on bcrypt password hasher. It publicy specifies that is :bcrypt+sha256
but internally uses sha512. In buddy 0.3.0 that bug is fixed, changing the algoritthm identifier to :bcrypt-sha512
.
Try replace the "sha256" part of your hash with sha512 and try validate it. If it works, the solution is make the replacement to all your hashers.
Sorry for inconvenience.
Hi @niwibe
I replace old hash string from bcrypt+sha256$
to bcrypt+sha512$
, and it passed to buddy.hashers.bcrypt/check-password
.
Thanks for your response!
Great! ;)
Hi.
I was used old
[buddy "0.2.3"]
.[buddy "0.2.3"]
'sbuddy.hashers.bcrypt/make-password
generatebcrypt+sha256
hash by default. I stored these hashes. But, I cannot verify these hashes in[buddy/buddy-hashers "0.3.0"]
.How can I verify these hashes?
lein repl
in[buddy "0.2.3"]
;lein repl
in[buddy/buddy-hashers "0.3.0"]
;