Skip to content

Commit

Permalink
Add caution re Argon2id::Password equality
Browse files Browse the repository at this point in the history 
The downside of the convenience of using `Argon2id::Password#==` for
verification means it might break expectations of how equality works for
those objects.
  • Loading branch information
@mudge
mudge committed Nov 6, 2024
1 parent 64e5e32 commit c282d9a
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -149,6 +149,15 @@ password.is_password?("opensesame") #=> true
password.is_password?("notopensesame") #=> false
```

> [!CAUTION]
> `Argon2id::Password#==` only works if the plain text password is on the right, e.g. the following behaviour may be surprising:
>
> password = Argon2id::Password.create("password")
> password == "password" #=> true
> "password" == password #=> false
>
> If you want to avoid this ambiguity, prefer the `Argon2id::Password#is_password?` alias instead.
The various parts of the encoded hash can be retrieved:

```ruby
Expand Down

0 comments on commit c282d9a

Please sign in to comment.