Closed heruan closed 6 years ago
There is no Bouncy Castle Digest implementation for BCrypt and consequently no DigestSpec. I do think it would be straightforward to develop a new HashBean implementation that uses the BCrypt component of Bouncy Castle to do the hashing:
If you have test vectors you can share, that would be very helpful; in particular, input passwords and expected hex digests. The test coverage is at least 2x more effort than the code itself, and the test data is at least half of that.
If we get test data in the next few days, I'm optimistic this could make the upcoming 1.1.0 release.
Thank you @serac for the quick response! Here's a list of 100 passwords with their B-Crypt hash (Base64): https://gist.github.com/heruan/dfbed28cf6ef3af6382697421c3ebe03
Thanks. I started work on the feature but it's proving more difficult than I hoped due to the need for changes to our base-N encoding components to deal with the non-standard base-64 alphabet commonly used in bcrypt hashes. I'm still optimistic this feature will make our next release, just with more effort than initially planned.
@heruan I wouldn't mind if you checked out the branch and reviewed it for your needs. After I got into the details of bcrypt, which I was unfamiliar with, I felt that it had a set of fairly narrow use cases and I stuck to those in the implementation. Thus BCryptHashBean is less flexible than the existing HashBean components, but hopefully more convenient for what most folks would need. I would appreciate confirmation that my assumption is correct.
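The non-standard base-64 alphabet mentioned in the comments above, shown as an added Java example that is not part of the thread and is not Cryptacular's code: it splits a bcrypt hash string into version, cost, salt and digest and decodes the last two. The class name, helper names and sample string are assumptions for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BcryptHashParser {
    // bcrypt alphabet: RFC 4648's symbols with '.' in place of '+', in a different order.
    static final String ALPHABET =
        "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    // Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>
    static final Pattern FORMAT = Pattern.compile(
        "\\$(2[abxy]?)\\$(\\d{2})\\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})");

    /** Decodes unpadded bcrypt base-64; bits are packed MSB-first as in RFC 4648. */
    static byte[] decode(String text) {
        byte[] out = new byte[text.length() * 6 / 8];
        int buffer = 0, bits = 0, pos = 0;
        for (char c : text.toCharArray()) {
            int value = ALPHABET.indexOf(c);
            if (value < 0) throw new IllegalArgumentException("Not in bcrypt alphabet: " + c);
            buffer = (buffer << 6) | value;
            bits += 6;
            if (bits >= 8) {
                bits -= 8;
                out[pos++] = (byte) (buffer >> bits);
                buffer &= (1 << bits) - 1; // keep only the bits not yet emitted
            }
        }
        return out; // trailing bits (4 after the salt, 2 after the digest) are dropped
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) {
        // Sample hash string (not from this page), used only to show the layout.
        String sample = "$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy";
        Matcher m = FORMAT.matcher(sample);
        if (!m.matches()) throw new IllegalArgumentException("Not a bcrypt hash string");
        byte[] salt = decode(m.group(3));   // 22 chars -> 16 bytes
        byte[] digest = decode(m.group(4)); // 31 chars -> 23 bytes
        System.out.println("version=" + m.group(1) + " cost=" + Integer.parseInt(m.group(2)));
        System.out.println("salt (" + salt.length + " bytes) = " + hex(salt));
        System.out.println("digest (" + digest.length + " bytes) = " + hex(digest));
    }
}
```

A standard RFC 4648 decoder reads these strings with a different symbol-to-value mapping, which is why the salt and digest cannot be fed to it directly.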
I'm using Passay to validate passwords in a Spring application, which uses BCryptPasswordEncoder to encode passwords. I need to use Passay's DigestHistoryRule with Cryptacular's EncodingHashBean for these passwords, but I do not know which DigestSpec to use. Is this supported at all? If not, is it possible to add support for this?