Issues
- Hash numIterations is not compatible with Adobe CFLDEV-4243Michael Offner
- typo in argon2 code with handling of memory argumentLDEV-3829Resolved issue: LDEV-3829
- Encrypting large data strings times out when using HEX encodingLDEV-3621Resolved issue: LDEV-3621Michael Offner
- ACF2021 - (GenerateBCryptHash) BCryptLDEV-3409
- ACF2021 - SCryptLDEV-3408Mircea Botez
- use upstream argon2 osgi bundleLDEV-3189
- Add support for the Argon2 hashing algorithmLDEV-2883Resolved issue: LDEV-2883Michael Offner
- Update Bouncy Castle to the latest versionLDEV-2683
- Blowfish encryption in Lucee Admin updateLDEV-1685
- RAILO-858 Add the Coldfusion built-in function generate3DesKeyLDEV-1170Resolved issue: LDEV-1170Igal Sapir
- Implement GeneratePBKDFKeyLDEV-256Resolved issue: LDEV-256Michael Offner
Hash numIterations is not compatible with Adobe CF
Description
Details
Assignee
Michael OffnerMichael OffnerReporter
VikrantVikrantNew Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Sprint
Priority
Critical
Details
Details
Assignee
Reporter
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Sprint
Priority
CriticalActivity
Zac Spitzer28 October 2022 at 13:46
Pothys - MitrahSoft18 October 2022 at 15:12
I've checked this ticket and confirmed the issue happened on lucee latest version 5.3.10.84-SNAPSHOT. In lucee, hash( input, 'SHA-512','UTF-8',99 ) is incompatible with ACF.
I added a testcase to this ticket
Pull Request:
Brad Wood17 October 2022 at 23:05
This has been a known behavior for a long time. There is a note about the incompatibility here
And here
but for some reason, not here
In the past, the Lucee devs were reticent to change the behavior since it would be a regression for anyone using it. Lucee 6 would be the time to finally fix this and provide a backward compat flag for people who wanted to keep the old behavior. It’s interesting to note when Lucee 5 came out they also broke hash() then and created a hash40() BIF, though I’m not a super big fan of introducing a new BIF again.
Currently, numiteration parameter is incompatible with the iterations parameter of hash functions. hash( input, 'SHA-512','UTF-8',99 ) in ACF is equal to hash( input, 'SHA-512','UTF-8',100 ) in lucee.