Done and done in git master.
Next is how to document or change
org.apache.commons.codec.digest.Crypt.crypt(byte[], String): The method clears
the input byte array for all input types _except_ when calling UnixCrypt [1].
I could:
(1) Document the inconsistency (right now, I left it unsaid)
(2) Make UnixCrypt.crypt() clear its input password for consistency.
WDYT?
TY!
Gary
[1]:
    public static String crypt(final byte[] keyBytes, final String salt) {
        if (salt == null) {
            return Sha2Crypt.sha512Crypt(keyBytes);
        }
        if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) {
            return Sha2Crypt.sha512Crypt(keyBytes, salt);
        }
        if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) {
            return Sha2Crypt.sha256Crypt(keyBytes, salt);
        }
        if (salt.startsWith(Md5Crypt.MD5_PREFIX)) {
            return Md5Crypt.md5Crypt(keyBytes, salt);
        }
        return UnixCrypt.crypt(keyBytes, salt);
    }
On 2023/08/09 19:16:59 Mark Thomas wrote:
> Reject it. And document the existing behavior.
>
> Mark
>
>
> On 09/08/2023 19:52, Gary Gregory wrote:
> > Hi all,
> >
> > Any thoughts on https://github.com/apache/commons-codec/pull/197
> >
> > Gary
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
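An added example, not part of the thread or of Commons Codec: a small Java program that shows, for each branch of Crypt.crypt(byte[], String) quoted above, whether the caller's byte array is zeroed afterwards, plus a caller-side wrapper that does not depend on that side effect. It assumes commons-codec is on the classpath; the class name, the helper names, the salts and the password are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import org.apache.commons.codec.digest.Crypt;

public class CryptInputClearingDemo {

    // Hypothetical helper: hash a private copy and wipe that copy ourselves,
    // so the outcome is the same whichever algorithm the salt selects.
    static String hashKeepingCallerBuffer(final byte[] password, final String salt) {
        final byte[] copy = Arrays.copyOf(password, password.length);
        try {
            return Crypt.crypt(copy, salt);
        } finally {
            Arrays.fill(copy, (byte) 0); // covers the UnixCrypt branch as well
        }
    }

    static boolean isZeroed(final byte[] bytes) {
        for (final byte b : bytes) {
            if (b != 0) {
                return false;
            }
        }
        return true;
    }

    public static void main(final String[] args) {
        // Constructed salts: SHA-512 ($6$), SHA-256 ($5$), MD5 ($1$), traditional DES (2 chars).
        final String[] salts = {"$6$abcdefgh", "$5$abcdefgh", "$1$abcdefgh", "ab"};
        for (final String salt : salts) {
            final byte[] pw = "constructed-password".getBytes(StandardCharsets.UTF_8);
            final String hash = Crypt.crypt(pw, salt);
            System.out.printf("%-12s input cleared=%-5b %s%n", salt, isZeroed(pw), hash);
            Arrays.fill(pw, (byte) 0); // caller wipes regardless of what the library did
        }

        // With the wrapper the caller's buffer is never modified by the library.
        final byte[] pw = "constructed-password".getBytes(StandardCharsets.UTF_8);
        final String hash = hashKeepingCallerBuffer(pw, "ab");
        System.out.printf("wrapper      caller buffer intact=%b %s%n", !isZeroed(pw), hash);
        Arrays.fill(pw, (byte) 0);
    }
}
```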