sodium_crypto_pwhash() warns "empty password"
thisispiers opened this issue · 1 comment
thisispiers commented
sodium_crypto_pwhash() warns "empty password" when the value for a blind index is an empty string or null.
My current workaround is to add this line to the beginning of BoringCrypto::blindIndexSlow():
if ($plaintext === '') { $plaintext = ' '; }
A unique value from a constant might be preferable.
paragonie-security commented
Fixed in v4.0.1
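An added example, not code from this issue or from the project, and not a description of what v4.0.1 does: one way to keep the password passed to sodium_crypto_pwhash() non-empty while still giving null, '' and ' ' different index values, which the single-space substitution above does not. The function name, tag bytes, key-derived salt and sample key are assumptions; tagging every input changes every index value, so existing indexes would have to be recomputed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not the project's code): tag the input so the password
// given to sodium_crypto_pwhash() is never empty, and so that null, '' and ' '
// each map to a different index instead of sharing one.
function slowBlindIndex(?string $plaintext, string $key, int $bytes = 16): string
{
    // "\x00" marks null, "\x01" marks a string; the tag bytes are an assumption.
    $input = $plaintext === null ? "\x00" : "\x01" . $plaintext;

    // Deterministic salt derived from the index key (assumption), so equal
    // plaintexts under the same key always give the same index.
    $salt = sodium_crypto_generichash($key, '', SODIUM_CRYPTO_PWHASH_SALTBYTES);

    return sodium_crypto_pwhash(
        max($bytes, 16), // libsodium's minimum pwhash output length is 16 bytes
        $input,
        $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13
    );
}

// Turn any warning (such as "empty password") into an exception so the demo
// fails loudly if one is emitted.
set_error_handler(static function (int $no, string $msg): bool {
    throw new ErrorException($msg, 0, $no);
});

$key = str_repeat("\x42", 32); // constructed sample key, not a real secret

$indexes = [];
foreach (['null' => null, 'empty' => '', 'space' => ' '] as $label => $value) {
    $indexes[$label] = sodium_bin2hex(slowBlindIndex($value, $key));
    echo str_pad($label, 6), ' ', $indexes[$label], PHP_EOL;
}

// With the single-space substitution, 'empty' and 'space' would share an index.
if (count(array_unique($indexes)) !== 3) {
    throw new RuntimeException('index collision between null, empty and space');
}
```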