Closed lunikon closed 6 years ago
Would adding the following method on the Hasher interface be sufficient for your use-case?

```java
/**
 * Tests whether this hasher configuration matches with properties found encoded in the given hash.
 *
 * @param encodedHash An Argon2 encoded hash
 * @return <code>true</code>, if this hasher properties and encodedHash properties match (type, version, memory
 *         cost, time cost, parallelism, salt length and hash length)
 */
boolean propertiesMatch(String encodedHash);
```

It essentially tells if encodedHash could have been produced by this hasher.
Then, you could use it like:
```java
boolean passwordValid = verifier.password(password).hash(encodedHash).verifyEncoded();
if (passwordValid && !hasher.propertiesMatch(encodedHash)) {
    String newHash = hasher.password(password).encodedHash();
    // store newHash
}
// continue login
```
Yes, something like this would be perfect!
Just deployed API version v1.1.0 to Maven central.
Change your api dependency to:
```xml
<dependency>
    <groupId>com.kosprov.jargon2</groupId>
    <artifactId>jargon2-api</artifactId>
    <version>1.1.0</version>
</dependency>
```
Damn, that was quick! Thanks a lot!
It would be nice to have an official API to retrieve the settings with which a hash has been generated. While these are encoded in the hash and it would be relatively easy to extract them manually, it would be nicer if the library provided a proper abstraction over this and left said parsing to the backend/actual implementations.
Motivation: I would like to automatically re-hash verified passwords if the currently used settings differ from those used when the password was originally hashed. At the moment, determining whether the settings have changed is relatively cumbersome.
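
For comparison, the manual extraction the issue describes could look like the sketch below. It is an added example, not code from jargon2 or from anyone in this thread; the names `RehashCheck`, `Params` and `needsRehash` and the policy values are assumptions, and the field layout follows the Argon2 reference encoding.

```java
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (needs Java 16+ for records); hypothetical names, not part of jargon2.
public class RehashCheck {
    // Reference encoding: $<type>[$v=<n>]$m=<n>,t=<n>,p=<n>$<salt>$<hash>
    private static final Pattern ENCODED = Pattern.compile(
        "\\$(argon2(?:id|i|d))(?:\\$v=(\\d+))?\\$m=(\\d+),t=(\\d+),p=(\\d+)"
        + "\\$([A-Za-z0-9+/]+)\\$([A-Za-z0-9+/]+)");

    // The same seven properties the propertiesMatch Javadoc lists.
    record Params(String type, int version, int memoryKiB, int timeCost,
                  int parallelism, int saltLength, int hashLength) {}

    static Params parse(String encoded) {
        Matcher m = ENCODED.matcher(encoded);
        if (!m.matches()) throw new IllegalArgumentException("not an Argon2 encoded hash");
        // Hashes without a version field are Argon2 version 0x10 (16).
        int version = m.group(2) == null ? 0x10 : Integer.parseInt(m.group(2));
        // Salt and hash are unpadded Base64; java.util.Base64 accepts missing padding.
        int saltLen = Base64.getDecoder().decode(m.group(6)).length;
        int hashLen = Base64.getDecoder().decode(m.group(7)).length;
        return new Params(m.group(1), version, Integer.parseInt(m.group(3)),
            Integer.parseInt(m.group(4)), Integer.parseInt(m.group(5)), saltLen, hashLen);
    }

    // True when a stored hash was produced with settings other than the current policy.
    // Call this only after the password has been verified against the stored hash.
    static boolean needsRehash(String encoded, Params policy) {
        return !parse(encoded).equals(policy);
    }

    public static void main(String[] args) {
        Base64.Encoder b64 = Base64.getEncoder().withoutPadding();
        // Constructed sample: zero bytes stand in for salt and hash, not a real digest.
        String stored = "$argon2i$v=19$m=4096,t=3,p=1$"
            + b64.encodeToString(new byte[16]) + "$" + b64.encodeToString(new byte[32]);
        Params policy = new Params("argon2id", 19, 65536, 3, 4, 16, 32); // assumed policy
        System.out.println(parse(stored));
        System.out.println("needs rehash: " + needsRehash(stored, policy));
    }
}
```

Because the comparison is plain equality, a stored hash that uses stronger settings than the policy is also flagged, which matches the "properties match" semantics described in the thread.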