hynek
commented
1 year ago You don't think it would be a problem if suddenly argon2-cffi would suddenly accept all passwords under the old API contract?
Closed alessiodam closed 1 year ago
hynek
commented
1 year ago You don't think it would be a problem if suddenly argon2-cffi would suddenly accept all passwords under the old API contract?
alessiodam
commented
1 year ago no like if the hash is correct, return True, if it isn't return False and raise an exception if there was an exception
hynek
commented
1 year ago Yes and there's 10 million downloads per month right now that expect an exception on a wrong password.
The reason why we raise an exception is in the FAQ and we can't change that anymore. If it bothers you so much, you can write a simple wrapper around the method.
alessiodam
commented
1 year ago ok, thanks
Maybe make the hash verify function return True or False, and rasie an exception if there was an exception