Comments (7)
technion
commented on August 15, 2024
2
It would appear that my concerns related only to creating a hash.
Given the position of encouraging people not to come up with their own salting scheme in the first place, I'm happy to stay firm on SALT_LEN as a hard coded input.
I'm pushing a fix now however that should allow it to verify existing hashes, which I've tested against your examples.
from ruby-argon2.
technion
commented on August 15, 2024
1
@micahhainline Given it's a bugfix, I will push a new release if no issues come up in another 24 hours.
from ruby-argon2.
technion
commented on August 15, 2024
Hi,
Thanks for this report. I'm going to take some time to look into an appropriate solution. Trying to mess with this has a knock-on effect of messing with the ENCODE_LEN constant, which exists in Ruby outside the C wrapper.
Being in this position would also involve messing with a recommended default, which I've been trying to discourage people from doing.
Regardless, let me look into a solution.
from ruby-argon2.
micahhainline
commented on August 15, 2024
Any idea when we might see this in a release?
from ruby-argon2.
micahhainline
commented on August 15, 2024
@technion wow! This is setting the bar for responsiveness! Thanks for turning it around so quickly!
from ruby-argon2.
technion
commented on August 15, 2024
@micahhainline No worries - it's a legit bug and can be fixed in a non-breaking way.
from ruby-argon2.
technion
commented on August 15, 2024
@micahhainline @asynchrony-ringo Version 1.1.1 has been tagged and pushed.
from ruby-argon2.
Related Issues (20)
- Argon2id binding HOT 17
- Gem fails to build under FreeBSD 12.0 HOT 8
- Unsigned RubyGem HOT 3
- Required Ruby Version unclear based on gemspec HOT 4
- Rubocop issues HOT 2
- Incompatible with other versions of Argon2 HOT 1
- RubyGems and Github naming mismatch HOT 2
- Allow providing parallelism cost parameter HOT 4
- Error when attempting to use fork HOT 12
- legacy.rb test unused and in broken state HOT 2
- Github Org for improved SEO HOT 2
- Unable to install latest on master via Bundler HOT 2
- :salt_do_not_supply option renamed HOT 4
- Fails to load with Rubygems 3.4 HOT 36
- RBS issue - Cannot find type `FFI::Library` HOT 1
- Memory cost definition HOT 2
- Incorrect initialization checks: `ARGON2_MEMORY_TOO_LITTLE` raised when m_cost < 3 HOT 1
- Cannot specify memory costs that aren't `2^N` HOT 2
- Default argon2.online builds a hash which ruby_argon2 cant verify HOT 1
- Add OWASP recommendations as additional profiles? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ruby-argon2.