I didn't know if this should go in discussion or here as I imagine this was part intentional.
Because `IvParameterSpec` is generated on random bytes, whenever you run the application the spec changes between runs, resulting in different encrypted strings on the same raw string (this is the whole point of initialization vectors). This means if you have an `EncryptedPassword` already saved in the database, you won't be able to log in using the same password if the application restarts. `crypto.encrypt("mypassword")` will result in a different `EncryptedPassword` than what is in the database.
This doesn't seem like a very desirable behavior. What are your thoughts?
Steps to reproduce:

1. Run the application and create a user
2. Log in with the created user --> 200 Ok
3. Restart the application
4. Try logging in with the same user --> 403 Forbidden

To work around this, the IV needs to be stored in the users table as well.
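
The behaviour reported above and the proposed workaround, as an added example that is not the project's own code. The class and method names are hypothetical, and it assumes AES/CBC with a key that survives restarts (the page names only `IvParameterSpec`); the all-zero key is a constructed demo value.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class IvRestartDemo {
    // Assumption: the key is stable across restarts; only the IV is regenerated.
    static final SecretKeySpec KEY = new SecretKeySpec(new byte[16], "AES"); // constructed demo key

    static byte[] randomIv() {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        return iv;
    }

    static byte[] aesCbc(byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding"); // assumed mode
        c.init(Cipher.ENCRYPT_MODE, KEY, new IvParameterSpec(iv));
        return c.doFinal(in);
    }

    // Workaround from the issue: a fresh IV per record, stored in front of the ciphertext.
    static byte[] encryptWithStoredIv(String password) throws Exception {
        byte[] iv = randomIv();
        byte[] ct = aesCbc(iv, password.getBytes(StandardCharsets.UTF_8));
        byte[] record = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, record, iv.length, ct.length);
        return record;
    }

    // Re-encrypt the candidate under the record's own IV, then compare ciphertexts.
    static boolean matches(String candidate, byte[] record) throws Exception {
        byte[] iv = Arrays.copyOfRange(record, 0, 16);
        byte[] ct = Arrays.copyOfRange(record, 16, record.length);
        byte[] expected = aesCbc(iv, candidate.getBytes(StandardCharsets.UTF_8));
        return MessageDigest.isEqual(expected, ct); // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        byte[] pw = "mypassword".getBytes(StandardCharsets.UTF_8);
        byte[] stored = aesCbc(randomIv(), pw);       // run 1: user is created
        byte[] afterRestart = aesCbc(randomIv(), pw); // run 2: process has a new IV
        System.out.println("process-wide IV, same password: " + Arrays.equals(stored, afterRestart));
        byte[] record = encryptWithStoredIv("mypassword");
        System.out.println("stored IV, same password: " + matches("mypassword", record));
        System.out.println("stored IV, wrong password: " + matches("wrongpassword", record));
    }
}
```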