Closed alessiodam closed 1 year ago
You don't think it would be a problem if suddenly argon2-cffi would suddenly accept all passwords under the old API contract?
no like if the hash is correct, return True, if it isn't return False and raise an exception if there was an exception
Yes and there's 10 million downloads per month right now that expect an exception on a wrong password.
The reason why we raise an exception is in the FAQ and we can't change that anymore. If it bothers you so much, you can write a simple wrapper around the method.
ok, thanks
Maybe make the hash verify function return True or False, and rasie an exception if there was an exception