From 9b73475b9ae98e4cfd8ea3e38d26690cfe44b3ad Mon Sep 17 00:00:00 2001
From: ljacqu
Date: Mon, 28 Dec 2015 21:27:47 +0100
Subject: [PATCH] Minor - clean up bcrypt 2y implementation - Update Recommendation annotation - Add proper length check to hash - Remove check that is always true
---
 .../fr/xephi/authme/security/crypts/BCRYPT2Y.java | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/main/java/fr/xephi/authme/security/crypts/BCRYPT2Y.java b/src/main/java/fr/xephi/authme/security/crypts/BCRYPT2Y.java
index 1b372c4c1..664b3c931 100644
--- a/src/main/java/fr/xephi/authme/security/crypts/BCRYPT2Y.java
+++ b/src/main/java/fr/xephi/authme/security/crypts/BCRYPT2Y.java
@@ -3,20 +3,25 @@ package fr.xephi.authme.security.crypts;
 import fr.xephi.authme.security.crypts.description.Recommendation;
 import fr.xephi.authme.security.crypts.description.Usage;
 
-@Recommendation(Usage.DOES_NOT_WORK)
+@Recommendation(Usage.RECOMMENDED)
 public class BCRYPT2Y extends HexSaltedMethod {
 
 @Override
 public String computeHash(String password, String salt, String name) {
- if (salt.length() == 22)
+ if (salt.length() == 22) {
 salt = "$2y$10$" + salt;
+ }
 return BCRYPT.hashpw(password, salt);
 }
 
 @Override
- public boolean comparePassword(String hash, String password, String salt, String playerName) {
- String ok = hash.substring(0, 29);
- return ok.length() == 29 && hash.equals(computeHash(password, ok, playerName));
+ public boolean comparePassword(String hash, String password, String unusedSalt, String unusedName) {
+ if (hash.length() != 60) {
+ return false;
+ }
+ // The salt is the first 29 characters of the hash
+ String salt = hash.substring(0, 29);
+ return hash.equals(computeHash(password, salt, null));
 }
 
 @Override
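Review bot: In `comparePassword` the final `hash.equals(computeHash(password, salt, null))` is an early-exit string comparison on a stored credential; for a class now marked `Usage.RECOMMENDED` the usual form is a constant-time compare, `return MessageDigest.isEqual(hash.getBytes(StandardCharsets.UTF_8), computeHash(password, salt, null).getBytes(StandardCharsets.UTF_8));`. The new length guard dereferences `hash` without a null check and accepts any 60-character string, so a missing or corrupted stored value reaches `BCRYPT.hashpw` with an unvalidated salt. `BCRYPT` is not visible here, but if it throws on a malformed salt the caller gets an exception rather than `false`; `if (hash == null || hash.length() != 60) { return false; }` at least covers the null case. The cost factor stays hard-coded in `"$2y$10$"` inside `computeHash`, and a one-line comment there naming 10 as the bcrypt work factor would help whoever has to raise it later. The class body continues past the end of the hunk.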