This queue is for tickets about the Crypt-SaltedHash CPAN distribution.

Report information

The Basics
Id: 67574
Status: resolved
Priority: Low/Low

People
Owner: Nobody in particular
Requestors: JJSCHUTZ [...] cpan.org
Cc:
AdminCc:

BugTracker
Severity: Normal
Broken in: (no value)
Fixed in: 0.09

Subject: Cryptic failure mode in validate() if $hasheddata has wrong format
If the stored password $hasheddata given to validate() is not of the correct form (i.e. doesn't contain "{...}" part), the regexps in __get_pass_scheme and __get_pass_hash do not match. In those cases the returned $1 is the value that it happened to have from any previous match, and what results is a weird error message such as "Can't locate Digest/BLAH_BLAH.pm in @INC" (where "blah blah" happened to be the current value of $1).

Suggest a change along the lines of:

    sub __get_pass_scheme {
        if ($_[0] =~ m/{([^}]*)/) {
            return $1;
        }
        return;
    }

and similarly for __get_pass_hash.

A second but related suggestion in the case when $scheme is returned undefined from __get_pass_scheme - To provide backward compatibility with unsalted hashes (which is how I bumped into this problem), it would be nice if you could do

    Crypt::SaltedHash->new(algorithm => 'MD5')->validate("oldhashedpass", "oldpass")

i.e. specifying MD5 as the algorithm in $self gives the fallback validation method if the scheme cannot be found in $hasheddata.

--
Jon Schutz
http://notes.jschutz.net/
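The failure mode reported in this ticket, as an added example that is not part of the original report or of the Crypt::SaltedHash source: an extractor that ignores the match result returns a stale $1, while one that captures in list context returns nothing for malformed input. The function names, the earlier "Content-Type" match and the sample stored values are constructed for illustration.

```perl
use strict;
use warnings;

# Unguarded extractor (hypothetical name): the match result is ignored, so a
# failed match leaves $1 holding the caller's last successful capture.
sub scheme_unguarded {
    $_[0] =~ m/\{([^}]*)/;
    return $1;
}

# Guarded extractor (hypothetical name): captures are taken in list context,
# so $1 is never read and malformed input yields an empty list.
sub split_hashed {
    my ($stored) = @_;
    return unless defined $stored;
    my ($scheme, $hash) = $stored =~ m/\A\{([^}]+)\}(.+)\z/s
        or return;
    return ($scheme, $hash);
}

# Constructed sample inputs: one with a "{...}" scheme prefix, one without.
my $well_formed = '{SSHA}Y29uc3RydWN0ZWQtc2FtcGxlLXZhbHVl';
my $legacy      = 'oldhashedpass';

# An unrelated successful match earlier in the program sets $1.
'Content-Type: BLAH_BLAH' =~ m/:\s*(\w+)/ or die 'setup match failed';

for my $stored ($well_formed, $legacy) {
    my $stale    = scheme_unguarded($stored);
    my ($scheme) = split_hashed($stored);
    printf "%-42s unguarded=%-10s guarded=%s\n",
        $stored,
        $stale  // 'undef',
        $scheme // 'undef (malformed: reject or use the configured fallback)';
}
```

With the guarded form, an undefined scheme is the explicit signal on which a caller can reject the stored value or apply the configured-algorithm fallback suggested in the ticket, instead of building a Digest module name from unrelated data.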

