paragonie / ciphersweet

Fast, searchable field-level encryption for PHP projects
https://ciphersweet.paragonie.com
Other
437 stars 32 forks source link

sodium_crypto_pwhash() warns "empty password" #73

Closed thisispiers closed 2 years ago

thisispiers commented 2 years ago

sodium_crypto_pwhash() warns "empty password" when the value for a blind index is an empty string or null.

My current workaround is to add this line to the beginning of BoringCrypto::blindIndexSlow()

if ($plaintext === '') { $plaintext = ' '; }

A unique value from a constant might be preferable.

paragonie-security commented 2 years ago

Fixed in v4.0.1