Minor - clean up bcrypt 2y implementation

- Update Recommendation annotation
- Add proper length check to hash
- Remove check that is always true
This commit is contained in:
ljacqu 2015-12-28 21:27:47 +01:00
parent 73bc6e286a
commit 9b73475b9a

View File

@ -3,20 +3,25 @@ package fr.xephi.authme.security.crypts;
import fr.xephi.authme.security.crypts.description.Recommendation;
import fr.xephi.authme.security.crypts.description.Usage;
@Recommendation(Usage.DOES_NOT_WORK)
@Recommendation(Usage.RECOMMENDED)
public class BCRYPT2Y extends HexSaltedMethod {
@Override
public String computeHash(String password, String salt, String name) {
if (salt.length() == 22)
if (salt.length() == 22) {
salt = "$2y$10$" + salt;
}
return BCRYPT.hashpw(password, salt);
}
@Override
public boolean comparePassword(String hash, String password, String salt, String playerName) {
String ok = hash.substring(0, 29);
return ok.length() == 29 && hash.equals(computeHash(password, ok, playerName));
public boolean comparePassword(String hash, String password, String unusedSalt, String unusedName) {
if (hash.length() != 60) {
return false;
}
// The salt is the first 29 characters of the hash
String salt = hash.substring(0, 29);
return hash.equals(computeHash(password, salt, null));
}
@Override