Skip to content

password-hash: use Salt type with PasswordHasher#1187

Merged
tarcieri merged 1 commit intomasterfrom
password-hash/typed-salts
Jan 9, 2023
Merged

password-hash: use Salt type with PasswordHasher#1187
tarcieri merged 1 commit intomasterfrom
password-hash/typed-salts

Conversation

@tarcieri
Copy link
Member

@tarcieri tarcieri commented Jan 9, 2023
edited
Loading

Previously PasswordHash::hash_password and PasswordHash::generate took &str for Salt, however this is a bit of a confusing API because the first thing it does is attempt to convert to a Salt which upholds several invariants including "B64" encoding.

This change makes the Salt parameter explicit so it's clear what type is responsible for checking those invariants.

Closes #1029.

@tarcieri
password-hash: use Salt type with PasswordHasher
a3a8eb2 
Previously `PasswordHash::hash_password` and `PasswordHash::generate`
took `&str` for `Salt`, however this is a bit of a confusing API because
the first thing it does is attempt to convert to a `Salt` which upholds
several invariants including "B64" encoding.

This change makes the `Salt` parameter explicit so it's clear what type
is responsible for checking those invariants.
@tarcieri tarcieri merged commit 18871f7 into master Jan 9, 2023
@tarcieri tarcieri deleted the password-hash/typed-salts branch January 9, 2023 01:57
@tarcieri tarcieri mentioned this pull request Mar 4, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

password-hash: unsafe salt API

1 participant

@tarcieri