Skip to content
This repository has been archived by the owner on May 25, 2021. It is now read-only.

SCryptUtil should accept char[] in addition to String #31

Open
bannmann opened this issue Jun 19, 2015 · 0 comments
Open

SCryptUtil should accept char[] in addition to String #31

bannmann opened this issue Jun 19, 2015 · 0 comments

Comments

@bannmann
Copy link

The password parameters of SCryptUtil.scrypt() and check() are strings, which should not be used for passwords as explained here. For developers that care about these nuances, it would be great if you provided additional overloads that allow using a char[]:

public static String scrypt(char[] passwd, int N, int r, int p)
public static boolean check(char[] passwd, String hashed)

Note that I consider the hash to be harmless and kept it inside a String; one might argue to use char[] here for consistency.
bannmann added a commit to bannmann/scrypt that referenced this issue Jul 20, 2015
@bannmann
SCryptUtil now accepts char[] passwords in addition to Strings
0179c43 
- issue wg#31
@bannmann bannmann mentioned this issue Jul 20, 2015
Open
bannmann referenced this issue in jdstroy/scrypt Jul 20, 2015
@jdstroy
Add support for char[] passwords
01d998e 
Adding char[] support for passwords in SCryptUtil allows for improved security.  Users may then zero the data in the provided array.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bannmann