Code Monkey home page Code Monkey logo

Comments (4)

mykapps599 avatar mykapps599 commented on May 30, 2024 1

Hello @firaja ,

Thanks for sharing the details.
i have tried below both cases, stil it is showing false only.

boolean verification = Password.check(userEnteredPassword, hash.getResult())
.addSalt(salt)
.addPepper(pepper)
.withArgon2();

boolean verification = Password.check(userEnteredPassword, hash.getResult())
.addPepper(pepper)
.withArgon2();

Result: False
Input: Same input as mentioned previously.

from password4j.

firaja avatar firaja commented on May 30, 2024

Hello @mykapps599,

just use hash.getResult() instead of hash.toString().

Here you can find a quick guide on the Hash object, but in general Hash#toString() is just a string representation of that object (which contains many information). The hash itself is contained in Hash#getResult()

Using your example:

// Step2: Validation
boolean verification = Password.check(userEnteredPassword, hash.getResult())
                               .addSalt(salt)
                               .addPepper(pepper)
                               .withArgon2();

Also take in account that #addSalt() can be skipped because the salt is already contained in you hash and Password4j automatically parses the hash in search for the salt.
So you can just write

// Step2: Validation
boolean verification = Password.check(userEnteredPassword, hash.getResult())
                               .addPepper(pepper)
                               .withArgon2();

Let me know if you need further information. If not, please close this issue.
Thank you 🚀

from password4j.

mykapps599 avatar mykapps599 commented on May 30, 2024

Hello @mykapps599,

just use hash.getResult() instead of hash.toString().

Here you can find a quick guide on the Hash object, but in general Hash#toString() is just a string representation of that object (which contains many information). The hash itself is contained in Hash#getResult()

Using your example:

// Step2: Validation
boolean verification = Password.check(userEnteredPassword, hash.getResult())
                               .addSalt(salt)
                               .addPepper(pepper)
                               .withArgon2();

Also take in account that #addSalt() can be skipped because the salt is already contained in you hash and Password4j automatically parses the hash in search for the salt. So you can just write

// Step2: Validation
boolean verification = Password.check(userEnteredPassword, hash.getResult())
                               .addPepper(pepper)
                               .withArgon2();

Let me know if you need further information. If not, please close this issue. Thank you 🚀

Hello @firaja ,

Thanks for sharing the details.
i have tried below both cases, stil it is showing false only.

  1. boolean verification = Password.check(userEnteredPassword, hash.getResult())
    .addSalt(salt)
    .addPepper(pepper)
    .withArgon2();

  2. boolean verification = Password.check(userEnteredPassword, hash.getResult())
    .addPepper(pepper)
    .withArgon2();

Result: False
Input: Same input as mentioned previously.

from password4j.

firaja avatar firaja commented on May 30, 2024

@mykapps599 I cannot reproduce your issue.
Can you please execute the following unit test?

    @Test
    public void testFromGithub()
    {
        String userEnteredPassword= "yesh599_33";
        String salt = "yesmykaps599";
        String pepper = "80953";

        Argon2Function argon2 = Argon2Function.getInstance(4096, 99, 128, 4, Argon2.ID, 20);

        Hash hash = Password.hash(userEnteredPassword).addSalt(salt).addPepper(pepper).with(argon2);
        boolean verification = Password.check(userEnteredPassword,hash.getResult()).addSalt(salt).addPepper(pepper).with(argon2);

        Hash rawHash = argon2.hash(userEnteredPassword, salt, pepper);
        boolean rawVerification = argon2.check(userEnteredPassword, hash.getResult(), salt, pepper);

        assertTrue(verification);
        assertTrue(rawVerification);
        assertEquals(rawHash, hash);
        assertTrue(slowEquals(hash.getBytes(), rawHash.getBytes()));
    }

    private boolean slowEquals(byte[] a, byte[] b)
    {
        int diff = a.length ^ b.length;
        for (int i = 0; i < a.length && i < b.length; i++)
        {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

all the asserts should pass.

from password4j.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.