You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Argon2iPasswordEncoder and BCryptPasswordEncoder both validate passwords using the password_verify() function without checking the hash type first. As the function can infer the type from the given hash, this means both encoders are able to validate any hash whose type can be infered.
In other words, Argon2iPasswordEncoder can validate BCrypt encoded passwords and BCryptPasswordEncoder can validate Argon2i encoded passwords. IMO this is not a bug but it's not really expected either. WDYT?
The text was updated successfully, but these errors were encountered:
Argon2iPasswordEncoder
andBCryptPasswordEncoder
both validate passwords using thepassword_verify()
function without checking the hash type first. As the function can infer the type from the given hash, this means both encoders are able to validate any hash whose type can be infered.In other words,
Argon2iPasswordEncoder
can validate BCrypt encoded passwords andBCryptPasswordEncoder
can validate Argon2i encoded passwords. IMO this is not a bug but it's not really expected either. WDYT?The text was updated successfully, but these errors were encountered: