Comments (7)
firaja
commented on May 29, 2024
1
Hi @GisoBartels thank you for providing a working example.
In the next days I will publish the fix for the issue. This might impact other projects but I think that very few people uses non-ASCII characters for their passwords.
from password4j.
firaja
commented on May 29, 2024
1
Hi @GisoBartels 1.7.3 is released now!
Thank you for your support š
from password4j.
firaja
commented on May 29, 2024
Hi @GisoBartels,
can you provide a working example for this issue?
Thank you
from password4j.
GisoBartels
commented on May 29, 2024
Sure. I noticed the problem through a failing test in an update PR. See here: GisoBartels/kaster#8
The test went green again, when I compiled the latest version with UTF-8 as default charset.
from password4j.
firaja
commented on May 29, 2024
From what I see the PR is failing because of a test about password generation not password hashing.
org.junit.ComparisonFailure: expected:<[g9*RlE3CilUmDL$#tyhX]> but was:<[PRqOXQNjODPVVuz6Ol5&]>
at org.junit.Assert.assertEquals(Assert.java:117)
at kotlin.test.junit.JUnitAsserter.assertEquals(JUnitSupport.kt:32)
at kotlin.test.AssertionsKt__AssertionsKt.assertEquals(Assertions.kt:63)
at kotlin.test.AssertionsKt.assertEquals(Unknown Source)
at kotlin.test.AssertionsKt__AssertionsKt.assertEquals$default(Assertions.kt:62)
at kotlin.test.AssertionsKt.assertEquals$default(Unknown Source)
at app.passwordkaster.core.PasswordGenerationTest.testPassword(PasswordGenerationTest.kt:110)
I don't see Password4j involved in that test. Please report here a piece of code where Password4j is involved, with input, output and expected output (from external tools if needed). I'm not going to analyze and debug third party libraries š
In 1.6.3 (and 1.7.x as well) we have a test with multi-byte unicodes and the test passed in all versions.
The string used was (ć£ļ¼¾āæļ¼¾)Ū¶\uD83C\uDF78\uD83C\uDF1F\uD83C\uDF7AŁ©(Ėā”Ė ) āā āāā. So it's weird that a backtick is breaking the hashing process.
Have you tried to convert strings to bytes with a different encoding? Password4j accepts also byte[] as well.
In java:
Password4j.hash("my password".getBytes(StandardCharsets.UTF_8)).with(...);from password4j.
GisoBartels
commented on May 29, 2024
I created a test, so you can debug for yourself. The test will go green, when the default charset is set to UTF-8
#127
from password4j.
GisoBartels
commented on May 29, 2024
Thanks for fixing quickly š
I can confirm, that with the new version my tests are green again.
from password4j.
Related Issues (20)
- needRehash function to check if password parameters are up to date HOT 4
- Library cannot be loaded on Java8 JVMs HOT 3
- Bad Shift in Bcrypt cryptRaw HOT 9
- JDK17: java.security.AccessController is deprecated HOT 2
- static block in Password class does not initialize due to NPE HOT 3
- Password4J Module Support HOT 1
- Support for Balloon Hashing HOT 10
- There is no option to disable console printBanner. HOT 4
- stdout polluted with friendly message HOT 2
- Remove this unnecessary cast to "xxx". HOT 2
- Move assertions into separate method or use assertThrows or try-catch instead. HOT 2
- Align default values to OWASP recommended
- Remove logging functionalities HOT 2
- Add banner HOT 2
- Remove the remaining dependencies
- Argon2 not working as expected HOT 11
- Inconsistency between public and internal APIs HOT 1
- Configurable salt length HOT 8
- Please provide byte array based hashing HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
š Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ššš
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ā¤ļø Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from password4j.