sebbASF commented on PR #300: URL: https://github.com/apache/commons-codec/pull/300#issuecomment-2260171613
> Both of the above salt values are wrong. We need the salt to be 16 bytes or less Yes and no. The JavaDoc for Crypt includes the phrase " ... and is cut at the maximum length ...." See https://github.com/apache/commons-codec/blob/7cae886f2de60fabc37d36a1ddd09473c5aeaa46/src/test/java/org/apache/commons/codec/digest/Sha256CryptTest.java#L61 It should be possible to allow for a longer salt, but it may be tricky to do so in a single regex. The first task is to document exactly what should be allowed and what is not allowed. Only then can tests be written and code amended. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@commons.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org