Password4j/password4j

Argon2: fix addRandomSalt

firaja opened this issue · 0 comments

firaja commented

Describe the bug
Conversion from String to byte[] changes the original generated salt in Argon2

To Reproduce

Hash hash = Password.hash(test.plainTextPassword).addRandomSalt().withArgon2();
assertTrue(Password.check(test.plainTextPassword, hash));  // fails

in particular what is generated by HashBuilder#addRandomSalt() is different from Hash#salt

Expected behavior
HashBuilder#addRandomSalt() == Hash#salt

Environment:
1.7.3+