kosprov/jargon2-api

Provide API to retrieve hasher settings of encoded hash

lunikon opened this issue · 4 comments

It would be nice to have an official API to retrieve the settings with which a hash has been generated. While these are encoded in the hash and it would be relatively easy to extract them manually, it would be nicer if the library provided a proper abstraction over this and left said parsing to the backend/actual implementations.

Motivation: I would like to automatically re-hash verified passwords if the currently used settings differ from those used when the password was originally hashed. At the moment, determining whether the settings have changed is relatively cumbersome.

Would adding the following method on the Hasher interface be sufficient for your use-case?

    /**
     * Tests whether this hasher configuration matches with properties found encoded in the given hash.
     *
     * @param encodedHash An Argon2 encoded hash
     * @return <code>true</code>, if this hasher's properties and encodedHash properties match (type, version, memory
     * cost, time cost, parallelism, salt length and hash length)
     */
    boolean propertiesMatch(String encodedHash);

It essentially tells if encodedHash could have been produced by this hasher.

Then, you could use it like:

    boolean passwordValid = verifier.password(password).hash(encodedHash).verifyEncoded();
    if (passwordValid && !hasher.propertiesMatch(encodedHash)) {
        String newHash = hasher.password(password).encodedHash();
        // store newHash
    }
    // continue login

Yes, something like this would be perfect!

Just deployed API version v1.1.0 to Maven Central.

Change your api dependency to:

    <dependency>
        <groupId>com.kosprov.jargon2</groupId>
        <artifactId>jargon2-api</artifactId>
        <version>1.1.0</version>
    </dependency>

Damn, that was quick! Thanks a lot!
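
For readers who want to see what the manual extraction mentioned in the opening post involves, here is an added example (not part of the thread and not jargon2 code) that reads the parameters out of an Argon2 encoded hash and compares them with a target configuration. The class name `Argon2Params`, its methods and the target settings in `main` are assumptions made for illustration.

```java
import java.util.Base64;

// Added example, not jargon2 code: reads the parameters out of an Argon2 encoded hash.
public final class Argon2Params {
    final String type;
    final int version, memoryCost, timeCost, parallelism, saltLength, hashLength;

    Argon2Params(String type, int version, int m, int t, int p, int saltLength, int hashLength) {
        this.type = type; this.version = version; this.memoryCost = m; this.timeCost = t;
        this.parallelism = p; this.saltLength = saltLength; this.hashLength = hashLength;
    }

    // Expected layout: $argon2<x>$[v=<n>$]m=<n>,t=<n>,p=<n>$<salt b64>$<hash b64>
    static Argon2Params parse(String encoded) {
        String[] f = encoded.split("\\$");           // f[0] is "" because of the leading '$'
        if (f.length < 5 || !f[0].isEmpty() || !f[1].startsWith("argon2"))
            throw new IllegalArgumentException("not an Argon2 encoded hash");
        int i = 2, version = 0x10;                    // hashes without v= are version 0x10 (16)
        if (f[i].startsWith("v=")) version = Integer.parseInt(f[i++].substring(2));
        if (f.length != i + 3) throw new IllegalArgumentException("unexpected field count");
        int m = -1, t = -1, p = -1;
        for (String kv : f[i].split(",")) {
            String[] pair = kv.split("=", 2);
            if (pair.length != 2) throw new IllegalArgumentException("bad parameter: " + kv);
            switch (pair[0]) {
                case "m": m = Integer.parseInt(pair[1]); break;
                case "t": t = Integer.parseInt(pair[1]); break;
                case "p": p = Integer.parseInt(pair[1]); break;
                default: throw new IllegalArgumentException("unknown parameter: " + kv);
            }
        }
        if (m < 0 || t < 0 || p < 0) throw new IllegalArgumentException("missing m, t or p");
        Base64.Decoder b64 = Base64.getDecoder();     // accepts the unpadded Base64 Argon2 emits
        return new Argon2Params(f[1], version, m, t, p,
                b64.decode(f[i + 1]).length, b64.decode(f[i + 2]).length);
    }

    // True when every property that the proposed propertiesMatch lists is identical.
    boolean matches(Argon2Params o) {
        return type.equals(o.type) && version == o.version && memoryCost == o.memoryCost
                && timeCost == o.timeCost && parallelism == o.parallelism
                && saltLength == o.saltLength && hashLength == o.hashLength;
    }

    public static void main(String[] args) {
        Base64.Encoder enc = Base64.getEncoder().withoutPadding();
        // Constructed sample: all-zero salt and tag, not a real password hash.
        String stored = "$argon2id$v=19$m=65536,t=3,p=4$"
                + enc.encodeToString(new byte[16]) + "$" + enc.encodeToString(new byte[32]);
        Argon2Params target = new Argon2Params("argon2id", 19, 131072, 3, 4, 16, 32); // assumed policy
        System.out.println("needs rehash: " + !parse(stored).matches(target));
    }
}
```

As in the usage snippet above, the comparison belongs after a successful verification, since only then is the plaintext password available to re-hash with the current settings.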