Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for Bcrypt algorithm version 2y #12447

Merged
merged 1 commit into from
Sep 10, 2022
Merged

Add support for Bcrypt algorithm version 2y #12447

merged 1 commit into from
Sep 10, 2022

Conversation

docelic
Copy link
Contributor

@docelic docelic commented Sep 5, 2022

This is related to #11595 and the suggestion from @Blacksmoke16 to
also add support for version 2y.

As per https://en.wikipedia.org/wiki/Bcrypt, it seems 2y is limited
to hashes generated by the fixed PHP algorithm.

This is related to #11595 and the suggestion from @Blacksmoke16 to
also add support for version 2y.

As per https://en.wikipedia.org/wiki/Bcrypt, it seems 2y is limited
to hashes generated by the fixed PHP algorithm.
@straight-shoota
Copy link
Member

I'm not familiar with bcrypt version support. But I suppose it's fine to add 2y as supported because its implementation is identical to the existing versions.

Why not add 2x as well, though?

@docelic
Copy link
Contributor Author

docelic commented Sep 6, 2022

As per the linked Wikipedia article, it seems 2x is a non-compatible implementation (one with a bug):

"In June 2011, a bug was discovered in crypt_blowfish, a PHP implementation of bcrypt. It was mis-handling characters with the 8th bit set. They suggested that system administrators update their existing password database, replacing $2a$ with $2x$, to indicate that those hashes are bad (and need to use the old broken algorithm)."

@straight-shoota straight-shoota added this to the 1.6.0 milestone Sep 9, 2022
@straight-shoota straight-shoota merged commit 286a027 into crystal-lang:master Sep 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants