BukrosSzabolcs commented on issue #1788:
URL: https://github.com/apache/accumulo/issues/1788#issuecomment-730485876
> > The crypt hash results has very rigid format with fixed id and salt
length (if the default salt is used) so recognizing a crypt hash is very easy.
Theoretically I think an overlap with the old hash format is possible but
highly unlikely.
>
> I initially came to the same conclusion. However, the length of our
current salt + sha-256 hash should be 40 bytes, exactly, and it's not possible
for any of the algorithms supported by commons-codec to produce an encrypted
String of that length. So, if we check the length, we can guarantee no overlap.
My solution was to try matching the zkData to
"^\\$([56])\\$(rounds=(\\d+)\\$)?([\\.\\/a-zA-Z0-9]{1,16})\\$(.*)", to see if
it was created by Crypt, but checking the length seems simpler.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
