Comments (4)
Hello @firaja ,
Thanks for sharing the details.
i have tried below both cases, stil it is showing false only.
boolean verification = Password.check(userEnteredPassword, hash.getResult())
.addSalt(salt)
.addPepper(pepper)
.withArgon2();
boolean verification = Password.check(userEnteredPassword, hash.getResult())
.addPepper(pepper)
.withArgon2();
Result: False
Input: Same input as mentioned previously.
from password4j.
Hello @mykapps599,
just use hash.getResult()
instead of hash.toString()
.
Here you can find a quick guide on the Hash
object, but in general Hash#toString()
is just a string representation of that object (which contains many information). The hash itself is contained in Hash#getResult()
Using your example:
// Step2: Validation
boolean verification = Password.check(userEnteredPassword, hash.getResult())
.addSalt(salt)
.addPepper(pepper)
.withArgon2();
Also take in account that #addSalt()
can be skipped because the salt is already contained in you hash and Password4j automatically parses the hash in search for the salt.
So you can just write
// Step2: Validation
boolean verification = Password.check(userEnteredPassword, hash.getResult())
.addPepper(pepper)
.withArgon2();
Let me know if you need further information. If not, please close this issue.
Thank you 🚀
from password4j.
Hello @mykapps599,
just use
hash.getResult()
instead ofhash.toString()
.Here you can find a quick guide on the
Hash
object, but in generalHash#toString()
is just a string representation of that object (which contains many information). The hash itself is contained inHash#getResult()
Using your example:
// Step2: Validation boolean verification = Password.check(userEnteredPassword, hash.getResult()) .addSalt(salt) .addPepper(pepper) .withArgon2();Also take in account that
#addSalt()
can be skipped because the salt is already contained in you hash and Password4j automatically parses the hash in search for the salt. So you can just write// Step2: Validation boolean verification = Password.check(userEnteredPassword, hash.getResult()) .addPepper(pepper) .withArgon2();Let me know if you need further information. If not, please close this issue. Thank you 🚀
Hello @firaja ,
Thanks for sharing the details.
i have tried below both cases, stil it is showing false only.
-
boolean verification = Password.check(userEnteredPassword, hash.getResult())
.addSalt(salt)
.addPepper(pepper)
.withArgon2(); -
boolean verification = Password.check(userEnteredPassword, hash.getResult())
.addPepper(pepper)
.withArgon2();
Result: False
Input: Same input as mentioned previously.
from password4j.
@mykapps599 I cannot reproduce your issue.
Can you please execute the following unit test?
@Test
public void testFromGithub()
{
String userEnteredPassword= "yesh599_33";
String salt = "yesmykaps599";
String pepper = "80953";
Argon2Function argon2 = Argon2Function.getInstance(4096, 99, 128, 4, Argon2.ID, 20);
Hash hash = Password.hash(userEnteredPassword).addSalt(salt).addPepper(pepper).with(argon2);
boolean verification = Password.check(userEnteredPassword,hash.getResult()).addSalt(salt).addPepper(pepper).with(argon2);
Hash rawHash = argon2.hash(userEnteredPassword, salt, pepper);
boolean rawVerification = argon2.check(userEnteredPassword, hash.getResult(), salt, pepper);
assertTrue(verification);
assertTrue(rawVerification);
assertEquals(rawHash, hash);
assertTrue(slowEquals(hash.getBytes(), rawHash.getBytes()));
}
private boolean slowEquals(byte[] a, byte[] b)
{
int diff = a.length ^ b.length;
for (int i = 0; i < a.length && i < b.length; i++)
{
diff |= a[i] ^ b[i];
}
return diff == 0;
}
all the asserts should pass.
from password4j.
Related Issues (20)
- needRehash function to check if password parameters are up to date HOT 4
- Library cannot be loaded on Java8 JVMs HOT 3
- Bad Shift in Bcrypt cryptRaw HOT 9
- JDK17: java.security.AccessController is deprecated HOT 2
- static block in Password class does not initialize due to NPE HOT 3
- Password4J Module Support HOT 1
- Wrong hashes when characters outside of ISO 8859-1 are used HOT 7
- Support for Balloon Hashing HOT 10
- There is no option to disable console printBanner. HOT 4
- stdout polluted with friendly message HOT 2
- Remove this unnecessary cast to "xxx". HOT 2
- Move assertions into separate method or use assertThrows or try-catch instead. HOT 2
- Align default values to OWASP recommended
- Remove logging functionalities HOT 2
- Add banner HOT 2
- Remove the remaining dependencies
- Argon2 not working as expected HOT 11
- Inconsistency between public and internal APIs HOT 1
- Configurable salt length HOT 8
- Please provide byte array based hashing HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from password4j.