[
https://issues.apache.org/jira/browse/CODEC-182?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17895011#comment-17895011
]
Sebb commented on CODEC-182:
----------------------------
I'm OK with applying PR 301, possibly without adding the validation check at
line 190 (in which case the change at line 75 is not needed). Might be best to
handle those changes separately.
> Allow real salts in Sha2Crypt
> -----------------------------
>
> Key: CODEC-182
> URL: https://issues.apache.org/jira/browse/CODEC-182
> Project: Commons Codec
> Issue Type: Bug
> Affects Versions: 1.9
> Reporter: Felix Kaser
> Priority: Minor
>
> The javadoc for all the methods in Sha2Crypt clearly states to pass a "real
> salt" in as parameter, without prefix and without "rounds=...". But the crypt
> method first of all checks if the salt matches a regex pattern, which
> requires it to contain at least a leading $5$ or $6$, possibly a rounds=...
> and then the real salt.
> Imho either the javadoc should be adapted to tell developers which salt to
> pass in, or the crypt method should match the salt after adding the prefix
> itself.
> I am new to the apache commons community, so please correct me if I'm totally
> wrong here.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
