Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhancement: Validate parameters for nil on noir.util.crypt's compare #108

Open
ricardojmendez opened this issue Oct 20, 2014 · 3 comments
Open

Enhancement: Validate parameters for nil on noir.util.crypt's compare #108

ricardojmendez opened this issue Oct 20, 2014 · 3 comments

Comments

@ricardojmendez
Copy link

Calling:

(compare nil (encrypt "hello"))

returns false as expected. However, calling

(compare "hello" nil)

raises a NullPointerException from org.mindrot.jbcrypt.BCrypt.hashpw. It would be better to validate both parameters before passing them down to BCrypt/checkpw, and return false if one of them is nil.
@yogthos
Copy link
Contributor

yogthos commented Oct 21, 2014

good idea, updated the logic with the check

@yogthos
Copy link
Contributor

yogthos commented Oct 21, 2014

also just a heads up, I've been meaning to do this for a while and I'm finally moving lib-noir to use Scrypt as Bcrypt hasn't been updated since 2010.

@ricardojmendez
Copy link
Author

Thanks for the heads up, but no problem - not relying on any specific Bcrypt behavior. Cheers!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ricardojmendez @yogthos