Announcement Announcement Module
No announcement yet.
Is bcrypt correctly implemented? Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Is bcrypt correctly implemented?

    I found this post on the Apache Shiro mailing list which states that the jBcrypt (which is where Spring Security's bcrypt implementation came from) is not correctly implemented:
    I've read the Niels/Provos paper and viewed the jBCrypt source and noticed that the code does not match the math. (I
    can't remember off of the top of my head but I believe the feistel transformation function was incorrect).
    Has anyone actually verified the bcrypt implementation?