Subject: Cryptic failure mode in validate() if $hasheddata has wrong format
If the stored password $hasheddata given to validate() is not of the
correct form (i.e. doesn't contain "{...}" part), the regexps in
__get_pass_scheme and __get_pass_hash do not match. In those cases the
returned $1 is the value that it happened to have from any previous
match, and what results is a weird error message such as "Can't locate
Digest/BLAH_BLAH.pm in @INC" (where "blah blah" happened to be the
current value of $1).
Suggest a change along the lines of:
sub __get_pass_scheme {
    # Return the capture only when the match succeeded; otherwise return
    # undef rather than a stale $1 left over from an earlier regex.
    if ($_[0] =~ m/\{([^}]*)/) {
        return $1;
    }
    return;
}
and similarly for __get_pass_hash.
A second but related suggestion, in the case when $scheme is returned
undefined from __get_pass_scheme: to provide backward compatibility
with unsalted hashes (which is how I bumped into this problem), it would
be nice if you could do
Crypt::SaltedHash->new(algorithm => 'MD5')->validate("oldhashedpass", "oldpass")
i.e. specifying MD5 as the algorithm in $self gives the fallback
validation method if the scheme cannot be found in $hasheddata.
--
Jon Schutz
http://notes.jschutz.net/
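An added Perl illustration of both suggestions, not the module's own code: the capture is returned only on a successful match, and a record without a {SCHEME} prefix falls back to the caller's configured algorithm instead of failing with a stale $1. The RFC 2307 style record layout and the helper names get_pass_scheme/get_pass_hash/validate are assumptions.

```perl
use strict;
use warnings;
use Digest::MD5  ();
use Digest::SHA  ();
use MIME::Base64 ();

# Return the capture only when the match succeeded. A failed match leaves $1
# holding whatever an earlier regex set, so it must never be returned blindly.
sub get_pass_scheme {
    my ($hashed) = @_;
    return $1 if defined $hashed && $hashed =~ m/^\{([^}]+)\}/;
    return;
}

sub get_pass_hash {
    my ($hashed) = @_;
    return $1 if defined $hashed && $hashed =~ m/^\{[^}]+\}(.+)$/;
    return;
}

# Assumed layout: base64(digest(password . salt) . salt); scheme => [digest bytes, fn]
my %DIGEST = (
    SMD5 => [16, sub { Digest::MD5::md5($_[0]) }],
    SSHA => [20, sub { Digest::SHA::sha1($_[0]) }],
);

# $algorithm is the caller's fallback for legacy unsalted hex digests (MD5 only here).
sub validate {
    my ($hashed, $password, $algorithm) = @_;
    my $scheme = get_pass_scheme($hashed);
    if (!defined $scheme) {
        die "stored hash has no {SCHEME} prefix and no fallback algorithm\n"
            unless defined $algorithm;
        die "no fallback implemented for algorithm '$algorithm'\n"
            unless $algorithm eq 'MD5';
        return Digest::MD5::md5_hex($password) eq lc($hashed // '') ? 1 : 0;
    }
    my $entry = $DIGEST{$scheme} or die "unsupported hash scheme '$scheme'\n";
    my ($len, $digest) = @$entry;
    my $raw = MIME::Base64::decode_base64(get_pass_hash($hashed) // '');
    die "stored $scheme hash is too short\n" if length($raw) <= $len;
    my $salt = substr($raw, $len);
    return $digest->($password . $salt) eq substr($raw, 0, $len) ? 1 : 0;
}

# Constructed records: a salted SSHA entry, a legacy unsalted MD5 entry, junk.
my $rec = '{SSHA}' . MIME::Base64::encode_base64(Digest::SHA::sha1('pw' . 'salt') . 'salt', '');
print validate($rec, 'pw'), ' ', validate(Digest::MD5::md5_hex('oldpass'), 'oldpass', 'MD5'), "\n";
eval { validate('not-a-record', 'x') }; print "error: $@";
```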