This repository was archived by the owner on May 25, 2021. It is now read-only.
This repository was archived by the owner on May 25, 2021. It is now read-only.
Inconsistent SCryptUtil#check behavior when password is an empty string #41
Description
The method SCryptUtil#check produces a different result when the parameter passwd is an empty string depending on whether the native library or pure Java implementation of scrypt is used.
The native library (lib.x86_64/linux/libscrypt.so) works as expected.
The pure Java implementation throws java.lang.IllegalArgumentException: Empty key.
Steps to reproduce:
System.setProperty("com.lambdaworks.jni.loader", "nil");
boolean result = SCryptUtil.check("", "$s0$a0801$uk1+u+tylCxLj/l3I8smTA==$6SaqEZxC6fO89qGEjR25sYym+jXd6491g+1Ufa36sQw=");
assertTrue(result);
I suggest creating the following test case:
byte[] passwd = {};
byte[] salt = {1, 2, 3, 4};
byte[] n = SCrypt.scryptN(passwd, salt, 1024, 8, 1, 64);
byte[] j = SCrypt.scryptJ(passwd, salt, 1024, 8, 1, 64);
assertArrayEquals(j, n);