Skip Menu |

This queue is for tickets about the Crypt-PBKDF2 CPAN distribution.

Report information
The Basics
Id: 84130
Status: resolved
Priority: 0/
Queue: Crypt-PBKDF2
People
Owner: ARODLAND [...] cpan.org
Requestors: Ian.Steigrad [...] epicteam.com.au
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: 0.131750

History Show all quoted text
  Thu Mar 21 21:28:37 2013 Ian.Steigrad [...] epicteam.com.au - Ticket created
Subject: Bug with Crypt SHA2512
Date: Fri, 22 Mar 2013 01:28:13 +0000
To: "'bug-Crypt-PBKDF2 [...] rt.cpan.org'" <bug-Crypt-PBKDF2 [...] rt.cpan.org>
From: Ian Steigrad <Ian.Steigrad [...] epicteam.com.au>
Hi there, I have been using this module under V0.112020 for a while very successfully but when I move to V0.121930, I can't use the validate() command on my old hashes. The issue seems to come down to using SHA2{512} and the 'crypt' encoding. Here's the test case: use Time::HiRes qw/ time /; use Crypt::PBKDF2; my $pbkdf2 = Crypt::PBKDF2->new( hash_class => 'HMACSHA2', hash_args => { 'sha_size' => 512 }, iterations => 100, salt_len => 32, encoding => 'crypt' ); my $time = time; my $hash = $pbkdf2->generate("password"); print $hash. "\n"; print time - $time . "\n"; $time = time; if ( $pbkdf2->validate( $hash, "password" ) ) { print "success\n"; } else { print "fail\n"; } print time - $time . "\n"; This fails, but works fine if I use encoding=>'ldap'. The real issue is that it would be most helpful if the validate() function could validate either format so I can use legacy hashes from my DB but create new ones using the preferred 'ldap' encoding. Reverting to V0.112020 for the time being... Cheers, Ian Show quoted text
________________________________ PLEASE CONSIDER THE ENVIRONMENT BEFORE PRINTING THIS E-MAIL This e-mail and any attachments to it are intended to be read or used by the addressee. It is confidential and may contain legally privileged information and/or copyright material of The Epic Team Pty Limited or third parties. If you receive this e-mail in error, please immediately delete it from your system and notify the sender. You should only retransmit, distribute or commercialise this material if you are authorised to do so. Confidentiality and legal privilege are not waived or lost by reason of mistaken delivery to you. You must not disclose, copy or use any part of this e-mail if you are not the intended recipient. The Epic Team Pty Limited will not be responsible for any claim arising from the unauthorised usage of, or alterations to this e-mail or any attachment to it. No warranty is made that this e-mail or attachments are free from computer virus or other defect. To contact The Epic Team phone (02) 9281 0024 during business hours.

Message body is not shown because it is too large.

  Mon Jun 24 12:34:07 2013 ARODLAND [...] cpan.org - Taken
  Mon Jun 24 13:13:26 2013 ARODLAND [...] cpan.org - Correspondence added
Hi, sorry for the delay in taking care of this. I've just released version 0.131750 which fixes the options handling for 'crypt'-style hashes, and adds tests so that they stay fixed. Your script reports 'success' for me. Please test the new release out and let me know if it meets your needs.
  Mon Jun 24 13:13:27 2013 The RT System itself - Status changed from 'new' to 'open'
  Mon Jun 24 13:13:27 2013 ARODLAND [...] cpan.org - Status changed from 'open' to 'resolved'
  Mon Jun 24 13:13:46 2013 ARODLAND [...] cpan.org - Ticket deleted
  Mon Jun 24 13:13:49 2013 ARODLAND [...] cpan.org - Status changed from 'deleted' to 'open'
  Mon Jun 24 13:23:42 2013 ARODLAND [...] cpan.org - Correspondence added
accidentally clicked some weird button. Closing again. :)
  Mon Jun 24 13:23:43 2013 ARODLAND [...] cpan.org - Status changed from 'open' to 'resolved'
  Mon Jun 24 13:23:43 2013 ARODLAND [...] cpan.org - Fixed in 0.131750 added