[
https://issues.apache.org/jira/browse/CODEC-182?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17869743#comment-17869743
]
Sebb commented on CODEC-182:
----------------------------
See https://github.com/apache/commons-codec/pull/301
> Allow real salts in Sha2Crypt
> -----------------------------
>
> Key: CODEC-182
> URL: https://issues.apache.org/jira/browse/CODEC-182
> Project: Commons Codec
> Issue Type: Bug
> Affects Versions: 1.9
> Reporter: Felix Kaser
> Priority: Minor
>
> The javadoc for all the methods in Sha2Crypt clearly states to pass a "real
> salt" in as parameter, without prefix and without "rounds=...". But the crypt
> method first of all checks if the salt matches a regex pattern, which
> requires it to contain at least a leading $5$ or $6$, possibly a rounds=...
> and then the real salt.
> Imho either the javadoc should be adapted to tell developers which salt to
> pass in, or the crypt method should match the salt after adding the prefix
> itself.
> I am new to the apache commons community, so please correct me if I'm totally
> wrong here.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
