alopresto commented on a change in pull request #4111: NIFI-7119 Implement
boundary checking for Argon2 cost parameters
URL: https://github.com/apache/nifi/pull/4111#discussion_r387936873
##########
File path:
nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/Argon2SecureHasher.java
##########
@@ -53,11 +53,14 @@
private final int iterations;
private final int saltLength;
- private final boolean usingStaticSalt;
+ private boolean usingStaticSalt;
// A 16 byte salt (nonce) is recommended for password hashing
private static final byte[] staticSalt = "NiFi Static
Salt".getBytes(StandardCharsets.UTF_8);
+ // Upper boundary for several cost parameters
+ private static final double upperBoundary = Math.pow(2, 32) - 1;
Review comment:
As `2^32 - 1` is `4*10^12`, an `int` can hold `2^32` possible values, but
_signed_, so the `Integer.MAX_VALUE` is `2....*10^12`. A `long` is required for
all of these fields.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
