needRehash function to check if password parameters are up to date about password4j HOT 4 CLOSED

Hi @realkarmakun,

the feature requested is in master brach. The 1.7.0 release will be public by the end of the week.

You can check if there have been an update with a boolean flag like in this example:

HashUpdate update = Password.check(password, hash.getResult())
                .andUpdate().with(...);

update.isUpdated() // true or false

Using a different algoritmh even with different parameters, using #addNewSalt(...) or #addNewPepper(...) makes the library to recalculate the hash.

If you need to force for any reason the update, you can use #forceUpdate(). For example Bcrypt salt could be regenerated internally by the library.

HashUpdate updated5 = Password.check(password, hash.getResult())
                .andUpdate().forceUpdate().with(...);

update.isUpdated() // true

from password4j.

Hi @realkarmakun ,

version 1.7.0 is now public.
See the changelog for further information.

from password4j.

Hi @realkarmakun thanks for the suggestion.
Do you need a boolean function that tells if you need to update the hash or just the certainty that the library would not calculate a new hash?
I prefer the first one, because one would need to regenerate the salt event if the parameters didn't change.

from password4j.

@firaja
Yes I prefer first option as well. It would allow more control over when generation happens and overall more intuitive (IMHO). Checks if update is needed => Updates the hash.

Not sure about handling updates between algorithms in this case though. Is it possible to check what algorithm was used in original hash after the check call?

from password4j.