bigstones
Reputation: 15267
phpass: why would HashPassword fail?
I'm reading phpass manual. At some point, it checks the result of the hashing like this:
$hash = $hasher->HashPassword($pass);
if (strlen($hash) < 20)
fail('Failed to hash new password');
I understand that's the minimum lenght for a phpass hash, but I don't understand why would it fail. Is it even possible? I mean, who/what should I blame if it happens? How to prevent that? I also posted a comment about this in the web page.
For reference, you can find the code of PasswordHash::HashPassword() in this question: How can * be a safe hashed password?
Upvotes: 4
Views: 266
Answers (1)
Evert
Reputation: 99571
I noticed that some underlying libraries, such as 'crypt' don't fail gracefully when something is wrong, but just return a shorter string.
Maybe this is a symptom of this problem, and just an extra precaution.
Upvotes: 1
Related Questions
- php - password_hash returns false
- php For some strange reason my password_hash(), does not work
- Hashed password wont login
- PHPass refuses to check hashes
- password_hash returns NULL
- Issue to match pHpass generated hashed passwords
- PHP Login code error with hashing password
- Not getting PHPASS
- PHP - phpass 0.2 troubles