Felix Kaser created CODEC-182:
---------------------------------

             Summary: Allow real salts in Sha2Crypt
                 Key: CODEC-182
                 URL: https://issues.apache.org/jira/browse/CODEC-182
             Project: Commons Codec
          Issue Type: Bug
    Affects Versions: 1.9
            Reporter: Felix Kaser
            Priority: Minor


The javadoc for all the methods in Sha2Crypt clearly states to pass a "real 
salt" in as parameter, without prefix and without "rounds=...". But the crypt 
method first of all checks if the salt matches a regex pattern, which requires 
it to contain at least a leading $5$ or $6$, possibly a rounds=... and then the 
real salt.

Imho either the javadoc should be adapted to tell developers which salt to pass 
in, or the crypt method should match the salt after adding the prefix itself.

I am new to the apache commons community, so please correct me if I'm totally 
wrong here.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to