Closed eskimor closed 3 years ago
@ali-abrar sure: Dan noticed that we are using a disclosed count of 0 internally to say that password is considered secure. Problem: If the database got an incorrect disclosed count of zero for some password, the library would actually report it as secure, although we just found it in a database.
I updated the changelog as well, with those details. I also changed the API to use a dedicated constructor, as it was confusing to users previously.
Thanks @eskimor. Can you describe how this improves security?