@OffRange (Owner) commented Jul 15, 2023

Summary:

This pull request fixes issue #12, which involves a crash occurring when logging into the app with a long master password. The crash is caused by the bcrypt algorithm's inability to handle passwords longer than 72 characters. To mitigate this issue, the proposed solution is to first hash the password using the SHA-512 algorithm and then compare it with the original hashed password.

Changes Made:

  • Modified the password handling mechanism to support long passwords.
  • Implemented a LongPasswordStrategy using LongPasswordStrategies.hashSha512(VERSION_2A)
  • Updated the relevant function to incorporate the new password handling logic.

Impact:

  • The proposed changes enhance the app's robustness and resolve the crashing issue caused by long passwords. By employing the SHA-512 algorithm for hashing long passwords, we can ensure compatibility and prevent crashes during the login process.

Related Issues:

Issue #12

Additional Notes:

The changes made in this pull request adhere to the best practices and security guidelines for password handling. The updated password handling mechanism ensures both security and stability while maintaining compatibility with the bcrypt algorithm for shorter passwords.

@OffRange linked an issue Jul 15, 2023 that may be closed by this pull request
@OffRange merged commit cdd7feb into main Jul 15, 2023
@delete-merged-branch bot deleted the fix-bcrypt-validation branch July 15, 2023 16:26
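
The behaviour described in the pull request above, as an added example that is not part of the pull request or the project's code. It assumes the `at.favre.lib` bcrypt library for Java, whose `LongPasswordStrategies.hashSha512` matches the identifier named in the description, in a release whose `BCrypt.verifyer` accepts a strategy. The class name, cost factor and sample passwords are constructed for illustration.

```java
import at.favre.lib.crypto.bcrypt.BCrypt;
import at.favre.lib.crypto.bcrypt.LongPasswordStrategies;
import java.util.Arrays;

public class LongPasswordDemo {
    // Low cost factor so the demo runs quickly; not a production setting.
    private static final int COST = 6;

    public static void main(String[] args) {
        // Constructed sample input: 100 ASCII characters, past bcrypt's 72-byte limit.
        char[] longPw = new char[100];
        Arrays.fill(longPw, 'a');
        char[] shortPw = "correct horse".toCharArray();

        // Before the fix: the default hasher uses the strict strategy,
        // which rejects over-long input with an exception.
        try {
            BCrypt.withDefaults().hashToString(COST, longPw);
        } catch (IllegalArgumentException e) {
            System.out.println("strict strategy rejected long password: " + e.getMessage());
        }

        // After the fix: over-long passwords are reduced with SHA-512 before bcrypt.
        BCrypt.Hasher hasher =
                BCrypt.with(LongPasswordStrategies.hashSha512(BCrypt.Version.VERSION_2A));
        String longHash = hasher.hashToString(COST, longPw);

        // The verifier has to be built with the same strategy as the hasher.
        BCrypt.Verifyer verifyer = BCrypt.verifyer(BCrypt.Version.VERSION_2A,
                LongPasswordStrategies.hashSha512(BCrypt.Version.VERSION_2A));
        System.out.println("long password verifies: "
                + verifyer.verify(longPw, longHash).verified);

        // A candidate that differs only in its last character is checked too:
        // a truncating strategy would treat it as the same password.
        char[] other = longPw.clone();
        other[99] = 'b';
        System.out.println("tail-modified password verifies: "
                + verifyer.verify(other, longHash).verified);

        // Passwords under the limit go to bcrypt unchanged, so a hash made
        // with the default hasher is checked against the new verifier.
        String legacyHash = BCrypt.withDefaults().hashToString(COST, shortPw);
        System.out.println("legacy short hash verifies: "
                + verifyer.verify(shortPw, legacyHash).verified);
    }
}
```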