password must not be longer than 71 bytes plus null terminator encoded in utf-8, was 80
chebaby opened this issue · 3 comments
Hi, first thank you for this awesome package.
I was just wondering if you could tell me what I am doing wrong, because I get an error and the app crashes.
Code
    import at.favre.lib.crypto.bcrypt.BCrypt;

    public class ManagerEntity {
        private String password; // field missing from the snippet as posted

        public String getPassword() {
            return password;
        }

        public void setPassword(String password) {
            // hashes the given value and stores the hash in the same field
            char[] pass_hash_array = BCrypt.with(BCrypt.Version.VERSION_2Y).hashToChar(6, password.toCharArray());
            String pass_hash = new String(pass_hash_array);
            this.password = pass_hash;
        }
    }
The line causing the error is this:
char[] pass_hash_array = BCrypt.with(BCrypt.Version.VERSION_2Y).hashToChar(6, password.toCharArray());
The password I use for testing is "1111".
Error
11-02 14:57:27.266 1483-1483/com.domain D/ManagerEntity: password: $2y$06$BH.7eRgKVPHzDIwxNjZv5en5gRwih4W4km7l0eisSEKCin/tYdi8K����������������������������������������
11-02 14:57:27.286 1483-1483/com.domain E/AndroidRuntime: FATAL EXCEPTION: main
Process: com.domain, PID: 1483
java.lang.IllegalArgumentException: password must not be longer than 71 bytes plus null terminator encoded in utf-8, was 80
at at.favre.lib.crypto.bcrypt.LongPasswordStrategy$StrictMaxPasswordLengthStrategy.innerDerive(LongPasswordStrategy.java:50)
at at.favre.lib.crypto.bcrypt.LongPasswordStrategy$BaseLongPasswordStrategy.derive(LongPasswordStrategy.java:34)
at at.favre.lib.crypto.bcrypt.BCrypt$Hasher.hashRaw(BCrypt.java:281)
at at.favre.lib.crypto.bcrypt.BCrypt$Hasher.hash(BCrypt.java:245)
at at.favre.lib.crypto.bcrypt.BCrypt$Hasher.hash(BCrypt.java:207)
at at.favre.lib.crypto.bcrypt.BCrypt$Hasher.hashToChar(BCrypt.java:164)
at com.domain.db.entity.ManagerEntity.setPassword(ManagerEntity.java:85)
at com.domain.db.dao.ManagerDao_Impl.whereEmail(ManagerDao_Impl.java:220)
at android.view.View.performClick(View.java:5246)
at android.widget.TextView.performClick(TextView.java:10626)
at android.view.View$PerformClick.run(View.java:21256)
at android.os.Handler.handleCallback(Handler.java:739)
at android.os.Handler.dispatchMessage(Handler.java:95)
at android.os.Looper.loop(Looper.java:145)
at android.app.ActivityThread.main(ActivityThread.java:6939)
at java.lang.reflect.Method.invoke(Native Method)
at java.lang.reflect.Method.invoke(Method.java:372)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1404)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1199)
Hey chebaby,
The reason this happens is that bcrypt can only handle 71+1 bytes as a password and the default implementation just crashes. You can specify a custom strategy. Have a look at the following method:
public static Hasher with(Version version, SecureRandom secureRandom, LongPasswordStrategy longPasswordStrategy)
About your specific issue: at first look your example seems correct. (A small tip: if you don't use the char array output, you can just use .hashToString().) I however don't think your solution is to change your longPasswordStrategy!
I think there is a bug in your flow; if you really pass "1111" there should be no problem. I believe however you may pass the output of the hash as the password into the bcrypt function, maybe multiple times (or something similar). Your code example is too simplified to say, but setting the hash to a variable called this.password looks suspicious.
I recommend debugging the part where the password is passed to see what ACTUALLY gets in the bcrypt function (or you could post a gist of a more complete example if you like).
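As an added example (not code from the issue or from the library itself): the stack trace above shows setPassword being called from ManagerDao_Impl.whereEmail, i.e. while the entity is being loaded, so the stored value goes through bcrypt again. The sketch below gives the entity separate entry points for "load the stored hash" and "set a new password", and checks the UTF-8 byte length before calling bcrypt so an over-long input fails with a readable message. It assumes the same bcrypt library; the class and method names are hypothetical.

```java
import at.favre.lib.crypto.bcrypt.BCrypt;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class PasswordHashing {
    // The limit from the error message: bcrypt reads at most 71 bytes plus a NUL terminator.
    static final int MAX_PASSWORD_BYTES = 71;
    static final BCrypt.Version VERSION = BCrypt.Version.VERSION_2Y;
    // Cost 6 is what the issue uses; it is far too low for real accounts (10 or more is usual).
    static final int COST = 6;
    /** UTF-8 byte length of the password without building a String, so the char[] can still be wiped. */
    static int utf8Length(char[] password) {
        return StandardCharsets.UTF_8.encode(CharBuffer.wrap(password)).remaining();
    }

    /** Hashes a plaintext password and wipes it; over-long input fails with a readable message. */
    static String hashPassword(char[] plaintext) {
        try {
            int bytes = utf8Length(plaintext);
            if (bytes > MAX_PASSWORD_BYTES) {
                throw new IllegalArgumentException(
                        "password is " + bytes + " UTF-8 bytes, bcrypt accepts at most " + MAX_PASSWORD_BYTES);
            }
            return BCrypt.with(VERSION).hashToString(COST, plaintext); // hashToString as suggested above
        } finally {
            Arrays.fill(plaintext, '\0'); // wiped on both paths; only the hash is kept
        }
    }
    /** Two distinct entry points, so a hash loaded from the database is never pushed through bcrypt again. */
    static final class ManagerEntity {
        private String passwordHash;

        void setPasswordHash(String hash) { this.passwordHash = hash; } // DAO stores the loaded hash unchanged
        String getPasswordHash() { return passwordHash; }
        void changePassword(char[] plaintext) { this.passwordHash = hashPassword(plaintext); } // only bcrypt path
        boolean checkPassword(char[] attempt) {
            return BCrypt.verifyer().verify(attempt, passwordHash.toCharArray()).verified;
        }
    }

    public static void main(String[] args) {
        ManagerEntity m = new ManagerEntity();
        m.changePassword("1111".toCharArray());
        System.out.println("stored hash: " + m.getPasswordHash() + " verify: " + m.checkPassword("1111".toCharArray()));
        char[] tooLong = new char[80]; // constructed input of the length reported in the issue
        Arrays.fill(tooLong, 'a');
        try { hashPassword(tooLong); } catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
    }
}
```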
Hey @chebaby,
Was your problem solved? Can I close this ticket?
Because there seems to be no activity, I am going to close this ticket.