Skip to content

feat: hash validation #77

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
livio-a merged 2 commits into from
Dec 19, 2025
Merged

feat: hash validation #77

livio-a merged 2 commits into from
Dec 19, 2025

Conversation

@muhlemmer
Copy link
Collaborator

@muhlemmer muhlemmer commented Dec 18, 2025

Add the ability to validate if a hash is verifiable ahead of time,
within set cost parameters.

BREAKING CHANGE:

  1. Validate method added to the Verifier interface
  2. Scrypt N parameter changed to LN, which is log2(N). As scrypt only accepts N as a power of 2, using LN directly is less error prone. LN is also the value used in the encoded hash.
  3. Drop the md5 hasher. The algorithm is insecure and we don't have hashers for the other variants anyway. Adding it was more a vanity thing when the lib was created.

@muhlemmer
feat: hash validation
c26a89b 
Add the ability to validate if a hash if verifiable,
within set cost parameters.

BREAKING CHANGE:

1. Validate method added to the Verifier interface
2. Scrypt N parameter changed to LN, which is log2(N). As scrypt only accepts N as a power of 2, using LN directly is less error prone. LN is also the value used in the encoded hash.
3. Drop the md5 hasher. The algorithm is insecure and we don't have hashers for the other variants anyway. Adding it was more a vanity thing when the lib was created.
@muhlemmer muhlemmer requested a review from Copilot December 18, 2025 18:19
github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 18, 2025
View reviewed changes
@muhlemmer muhlemmer requested a review from livio-a December 18, 2025 18:22
Copilot AI reviewed Dec 18, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces hash validation functionality to allow checking if a hash is verifiable within configured cost parameters before attempting verification. The changes include several breaking API modifications.

Key changes:

  • Adds Validate method to the Verifier interface for upfront parameter bounds checking
  • Changes scrypt's N parameter to LN (log2 of N) for better error prevention and consistency with encoded format
  • Removes the insecure MD5 hasher (verification-only implementations remain)

Reviewed changes

Copilot reviewed 26 out of 26 changed files in this pull request and generated 15 comments.

Show a summary per file
File Description
verifier/verifier.go Adds Validate method to interface, introduces BoundsError type, removes VerifyFunc helper
verifier/verifier_test.go Updates tests to cover new BoundsError functionality
argon2/argon2.go Implements Validate with bounds checking for time, memory, and threads parameters
bcrypt/bcrypt.go Implements Validate with cost bounds checking, adds Verifier type
scrypt/scrypt.go Implements Validate, changes N to LN parameter, adds validation for LN, R, P, and R*P constraints
sha2/sha2.go Implements Validate with rounds bounds checking for SHA-256 and SHA-512
pbkdf2/pbkdf2.go Implements Validate with rounds bounds checking
phpass/phpass.go Implements Validate with rounds bounds checking, refactors parsing logic
drupal7/drupal7.go Implements Validate with iterations bounds checking, refactors to use checker struct
md5/md5.go Removes Hasher type, keeps Verifier for legacy hash verification
md5plain/md5plain.go Adds Validate implementation, converts to struct-based verifier
md5salted/md5salted.go Adds Validate implementation, converts to struct-based verifier
passwap.go Adds Validate method to Swapper for pre-verification validation
passwap_test.go Updates tests to use new Verifier constructors
passwap_example_test.go Updates examples to pass ValidationOpts to constructors
internal/testvalues/scrypt.go Updates test constant from ScryptN to ScryptLN

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@livio-a livio-a merged commit 5dafb2f into main Dec 19, 2025
5 checks passed
@livio-a livio-a deleted the feat-validation branch December 19, 2025 12:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@livio-a livio-a livio-a approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@muhlemmer @livio-a