rojoko
commented
8 years ago I read up now why you changed the API ( https://github.com/technion/ruby-argon2/issues/9 ) and I hope the devise-argon2 will include your changed API.
Closed rojoko closed 8 years ago
rojoko
commented
8 years ago I read up now why you changed the API ( https://github.com/technion/ruby-argon2/issues/9 ) and I hope the devise-argon2 will include your changed API.
technion
commented
8 years ago Hi Rojoko,
I would encourage any dependant gem to correctly configure those dependencies around semantic versioning, so that breaking changes moving from 0.1.4 to 1.0.0 don't automatically propagate upwards.
Edit: I note you included such a fix within the PR you sent there. The fact that wasn't in place previously is the real issue here.
I would also urge you to review this statement in the README in relation
It is strongly advised to avoid implementations that utilise off-spec methods of introducing salts, invent imaginary parameters, or which use the word "encryption" in describing the password hashing process
The change in the api to create a password from version 0.1.4 to 1.0.0 in https://github.com/technion/ruby-argon2/blob/master/lib/argon2.rb from #hash to #create breaks the devise-argon2 gem https://github.com/erdostom/devise-argon2/issues/3 .