Subject: EncodedColumn can't validate with Digest::Whirlpool (at all)
When using Whirlpool as the algorithm, hashing, even without a salt,
results in incorrect values.
This appears as if the same digester is being used without resetting it
between encodes, so every call to the encoder is really the hash of (
$previously_hashed_data . $newdata ), which of course is nonsense for
passwords.
This makes it impossible to encode a password and validate it.
The following code never validates, and perpetually results in
check_password always returning false, and the hash of the stored
password continually rotating, despite there being no salt (as
exhibited by the attached output):
http://gist.github.com/207643
Further inspection by paraphrasing the encode column method into a more
comprehensive test demonstrates Whirlpool doesn't function like the rest
of the family ( for whatever reason ).
http://gist.github.com/207648
All tested algorithms emit "TRUE" validity, except for Whirlpool, which
only ever emits "FALSE".
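
The failure mode suspected in this report, modelled as an added example (not code from the ticket, the gists, or the module). It is written in Python because hashlib digest objects keep their state after hexdigest(), which reproduces the "never reset" behaviour directly; SHA-256 stands in for Whirlpool, and the class names, function names and password value are constructed for illustration.

```python
import hashlib
import hmac


class SharedDigestEncoder:
    """Models the suspected bug: one digest object, reused and never reset."""

    def __init__(self, algorithm="sha256"):
        self._digest = hashlib.new(algorithm)  # created once, lives forever

    def encode(self, plaintext):
        self._digest.update(plaintext.encode())
        # hexdigest() leaves the internal state untouched, so the next call
        # hashes (everything fed so far . new data), as the report describes.
        return self._digest.hexdigest()


class FreshDigestEncoder:
    """Corrected form: a new digest object for every value encoded."""

    def __init__(self, algorithm="sha256"):
        self._algorithm = algorithm

    def encode(self, plaintext):
        return hashlib.new(self._algorithm, plaintext.encode()).hexdigest()


def check_password(encoder, stored, attempt):
    # Re-encode the attempt and compare in constant time.
    return hmac.compare_digest(stored, encoder.encode(attempt))


def is_repeatable(encoder, probe="constructed-probe"):
    """Regression check: without a salt, equal input must give equal output."""
    return encoder.encode(probe) == encoder.encode(probe)


def demo():
    results = {}
    for name, enc in (("shared", SharedDigestEncoder()),
                      ("fresh", FreshDigestEncoder())):
        stored = enc.encode("constructed-password")
        results[name] = {
            "validates": check_password(enc, stored, "constructed-password"),
            "repeatable": is_repeatable(enc),
        }
    return results


if __name__ == "__main__":
    print(demo())
```

A repeatability check like is_repeatable(), run once per supported algorithm, catches this class of bug before any password is stored.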