dany giguere
05/23/2022, 2:59 PMsimon.vergauwen
05/23/2022, 3:01 PMtl;dr bcrypt is a better choice than PBKDF2 for password hashing because PBKDF2 can be accelerated more effectively with GPUs. As a result, PBKDF2 hashes are easier to brute-force offline with consumer hardware.
Landry Norris
05/23/2022, 4:47 PMsimon.vergauwen
05/23/2022, 5:36 PMdany giguere
05/23/2022, 6:17 PMpost("/login") {
// Login handler body as posted in the question: read the credentials, load the user, check the password.
val authenticatingUser = call.receive<AuthenticatingUser>()
// dbUser is nullable here: the safe calls below evaluate to null when no user matches the e-mail.
// NOTE(review): reject an unknown e-mail explicitly, with the same error as a wrong password.
val dbUser = userDSL.findUserByEmail(authenticatingUser.email)
// This hashes the submitted password again. bcrypt picks a fresh random salt on every hash call,
// so the resulting string differs from the one stored when the user was created.
val bcryptHashString = BCrypt.withDefaults().hashToString(12, authenticatingUser.password.toCharArray())
// The arguments are swapped and the wrong hash is used: the stored hash is passed where the plaintext
// belongs, and the freshly computed hash where the stored hash belongs. The working example in this
// thread calls verify(plaintext, storedHash), with no re-hashing of the submitted password.
val result: BCrypt.Result = BCrypt.verifyer().verify(dbUser?.password?.toCharArray(), bcryptHashString)
if(!result.verified) {
throw AuthorizationException("Sorry you are not authorized")
}
but I always get `result.verified` equal to false. And I created (seeded) the user like so:
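// Seed a test user. Only the bcrypt hash string is handed to userDSL.create, not the plaintext.
val password = "secret"
// Cost factor 12. hashToString returns the full bcrypt string, which embeds the salt and the cost,
// so a later verify() needs only the submitted plaintext and this stored string.
val bcryptHashString = BCrypt.withDefaults().hashToString(12, password.toCharArray())
userDSL.create("johndoe", "johndoe@test.com", bcryptHashString)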
simon.vergauwen
05/23/2022, 6:28 PMval hash = BCrypt.withDefaults().hash(12, "secret".toByteArray())
// verify() takes the plaintext first and the stored hash second; the salt and cost are read from
// `hash`, so the plaintext is not hashed separately before the comparison.
val result = BCrypt.verifyer().verify("secret".toByteArray(), hash)
Landry Norris
05/23/2022, 6:33 PMdany giguere
05/23/2022, 10:28 PMval hashedPassword = BCrypt.withDefaults().hash(12, newUser.password.toByteArray())
// NOTE(review): hashedPassword comes from hash(...), which yields a byte array, so the password
// assignment below only type-checks if Users.password is declared as a binary column. For a text
// column, store the result of hashToString(...) instead.
transaction {
Users.insert {
it[username] = username
it[email] = email
it[password] = hashedPassword
}
}
but IntelliJ complains:
None of the following functions can be called with the arguments supplied.
set(Column<TypeVariable(ID)>, TypeVariable(E)) where S = TypeVariable(S), ID = TypeVariable(ID), E = TypeVariable(E) for fun <S, ID : EntityID<S>, E : Expression<S>> set(column: Column<ID>, value: E): Unit defined in org.jetbrains.exposed.sql.statements.InsertStatement
set(Column<TypeVariable(ID)>, TypeVariable(E)) where S = TypeVariable(S), ID = TypeVariable(ID), E = TypeVariable(E) for fun <S : Comparable<S>, ID : EntityID<S>, E : S?> set(column: Column<ID>, value: E): Unit defined in org.jetbrains.exposed.sql.statements.InsertStatement
set(Column<TypeVariable(S)>, TypeVariable(S)) where S = TypeVariable(S) for fun <S> set(column: Column<S>, value: S): Unit defined in org.jetbrains.exposed.sql.statements.InsertStatement
set(Column<TypeVariable(S)>, Query) where S = TypeVariable(S) for fun <S> set(column: Column<S>, value: Query): Unit defined in org.jetbrains.exposed.sql.statements.InsertStatement
set(Column<TypeVariable(T)>, TypeVariable(E)) where T = TypeVariable(T), S = TypeVariable(S), E = TypeVariable(E) for fun <T, S : T, E : Expression<S>> set(column: Column<T>, value: E): Unit defined in org.jetbrains.exposed.sql.statements.InsertStatement
set(CompositeColumn<TypeVariable(S)>, TypeVariable(S)) where S = TypeVariable(S) for fun <S> set(column: CompositeColumn<S>, value: S): Unit defined in org.jetbrains.exposed.sql.statements.InsertStatement
No set method providing array access
simon.vergauwen
05/24/2022, 6:16 AM`Users.password` should be a `ByteArray`. The type of `hashedPassword` is a byte array (`bytea`).
dany giguere
05/25/2022, 11:35 AM