Felix Kaser created CODEC-182:
---------------------------------
Summary: Allow real salts in Sha2Crypt
Key: CODEC-182
URL: https://issues.apache.org/jira/browse/CODEC-182
Project: Commons Codec
Issue Type: Bug
Affects Versions: 1.9
Reporter: Felix Kaser
Priority: Minor
The javadoc for all the methods in Sha2Crypt clearly states to pass a "real
salt" in as parameter, without prefix and without "rounds=...". But the crypt
method first of all checks if the salt matches a regex pattern, which requires
it to contain at least a leading $5$ or $6$, possibly a rounds=... and then the
real salt.
Imho either the javadoc should be adapted to tell developers which salt to pass
in, or the crypt method should match the salt after adding the prefix itself.
I am new to the apache commons community, so please correct me if I'm totally
wrong here.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)