dfish3r
commented
8 years ago I'll look over the source and see if a separate module makes sense.
In the meantime, why don't you exclude cryptacular in your pom?
Closed ari closed 7 years ago
dfish3r
commented
8 years ago I'll look over the source and see if a separate module makes sense.
In the meantime, why don't you exclude cryptacular in your pom?
ari
commented
8 years ago Good idea, but I didn't want it to break when it hits some dependency in the code.
At any rate, after more searching I found https://github.com/nulab/zxcvbn4j which might be closer to the narrower library I was looking for. Thanks anyhow, this library has some interesting ideas.
skolson
commented
7 years ago FYI I hit this too on an Android app. Had no need for Cryptacular anyway, and two different Cryptacular classes use the "group" function (with one String argument) in the java.util.regex.Matcher class that android doesn't support yet. Evidently Android supports this usage of the group function with Android O, which isn't out yet. This usage annoys Proguard.
Anyway, I used this in gradle to work around the issue since I don't want this library anyway:
configurations {
all*.exclude group: 'org.cryptacular'
}
Cryptacular marked optional in https://github.com/vt-middleware/passay/commit/cff7dbc64fc94fd1a60f6da46de89bae9ad03900
Would you be able to make cryptacular a runtime only dependency? Some people (well, me) want to use passay to verify password strength but not to be involved in the actual hashing since we already have implementations for that.
Ideally that component might be pluggable for different hashing choices, but I just want to not use history checking at all. I don't want cryptacular in my classpath or build.
Thanks