From c31bdb6390d9993433a258b7e83bebe2529905b2 Mon Sep 17 00:00:00 2001
From: SendilKumar N
Date: Mon, 27 Feb 2017 20:44:54 +0800
Subject: [PATCH] SCryptPasswordEncoder to take default keyLength value
Fixes gh-4225
Closes gh-4231
---
 .../security/crypto/scrypt/SCryptPasswordEncoder.java | 4 ++--
 .../security/crypto/scrypt/SCryptPasswordEncoderTests.java | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
index 293a4435f5..c133886cfd 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -163,7 +163,7 @@ public class SCryptPasswordEncoder implements PasswordEncoder {
 }
 private String digest(CharSequence rawPassword, byte[] salt) {
- byte[] derived = SCrypt.generate(Utf8.encode(rawPassword), salt, cpuCost, memoryCost, parallelization, 32);
+ byte[] derived = SCrypt.generate(Utf8.encode(rawPassword), salt, cpuCost, memoryCost, parallelization, keyLength);
 String params = Long
 .toString(((int) (Math.log(cpuCost) / Math.log(2)) << 16L) | memoryCost << 8 | parallelization, 16);
diff --git a/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java
index e725175041..09d5128a53 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java
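Review bot: The derived key's length now follows `keyLength` in `digest`, but the `params` value built on the next lines still packs only `cpuCost`, `memoryCost` and `parallelization`, so a stored hash does not record the key length it was produced with. The verification path is outside this hunk; if it re-derives the key using the encoder's configured `keyLength`, every hash created under a different key length will stop matching once the configuration changes, which locks existing users out. Verification is safer when it derives as many bytes as the decoded stored key contains rather than the configured value. A comment on the changed line would record the constraint, for example `// keyLength is not encoded in params; matching must use the stored key's length`. The body of `digest` continues past the end of the hunk.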
+++ b/crypto/src/test/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoderTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2017 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -65,7 +65,7 @@ public class SCryptPasswordEncoderTests {
 @Test
 public void samePasswordWithDifferentParams() {
- SCryptPasswordEncoder oldEncoder = new SCryptPasswordEncoder(512, 8, 4, 64, 16);
+ SCryptPasswordEncoder oldEncoder = new SCryptPasswordEncoder(16384, 8, 1, 32,64);
 SCryptPasswordEncoder newEncoder = new SCryptPasswordEncoder();
 String password = "secret";
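Review bot: `samePasswordWithDifferentParams` may no longer test different parameters: `oldEncoder` is now built with `(16384, 8, 1, 32,64)`, and if those are also the no-arg constructor's defaults (not visible in this hunk), both encoders are configured identically. The removed line passed 64 in the fourth position, presumably the key length, so the case the `digest` change newly makes possible, a hash stored under another key length, is left without coverage. Keep at least one cost parameter deliberately different, for example `new SCryptPasswordEncoder(512, 8, 4, 32, 16)`, and add a separate test that states the expected result when only the key length differs. The argument list is also missing a space in `32,64`, and the test body continues beyond the hunk.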