mirror of
https://github.com/ziglang/zig.git
synced 2025-12-14 18:23:12 +00:00
crypto.bcrypt: allow very large passwords to be pre-hashed

bcrypt has a slightly annoying limitation: passwords are limited to 72 characters. In the original implementation, additional characters are silently ignored.

When they care, applications adopt different strategies to work around this, in incompatible ways.

Ideally, large passwords should be pre-hashed using a hash function that hinders GPU attackers, and the hashed function should not be deterministic in order to defeat shucking attacks.

This change improves the developer experience by adding a very explicit `silently_truncate_password` option, that can be set to `false` in order to do that automatically, and consistently across Zig applications.

By default, passwords are still truncated, so this is not a breaking change.

Add some inline documentation for our beloved autodoc by the way.
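
The truncation problem and the salted pre-hash idea from the commit message, as an added Python example (not code from the Zig repository). `bcrypt_input` is a hypothetical helper that models which bytes reach bcrypt; the HMAC-SHA384 plus base64 construction is an assumption chosen for illustration, not a statement of what `std.crypto.bcrypt` does internally.

```python
import base64
import hashlib
import hmac

BCRYPT_MAX = 72  # bcrypt reads at most 72 bytes of password


def bcrypt_input(password: bytes, salt: bytes, silently_truncate: bool = True) -> bytes:
    """Model of the bytes that reach bcrypt for a password (hypothetical helper)."""
    if len(password) <= BCRYPT_MAX:
        return password                  # short passwords are used as-is
    if silently_truncate:
        return password[:BCRYPT_MAX]     # classic behaviour: the tail is ignored
    # Assumed pre-hash: HMAC-SHA384 keyed with the per-hash salt, so the result
    # is not a plain digest of the password that could show up in another leak.
    digest = hmac.new(salt, password, hashlib.sha384).digest()
    # Base64 avoids NUL bytes, which C-string bcrypt implementations stop at;
    # 48 digest bytes encode to 64 characters, under the 72-byte limit.
    return base64.b64encode(digest)


def demo() -> dict:
    # Constructed inputs: two long passwords that differ only after byte 72.
    prefix = b"correct horse battery staple " * 3  # 87 bytes
    pw_a, pw_b = prefix + b"A", prefix + b"B"
    salt_1, salt_2 = bytes(range(16)), bytes(range(16, 32))
    return {
        # Truncation: both passwords reach bcrypt as the same 72 bytes.
        "truncated_collide": bcrypt_input(pw_a, salt_1) == bcrypt_input(pw_b, salt_1),
        # Pre-hashing: the differing tail now changes the bcrypt input.
        "prehashed_collide": bcrypt_input(pw_a, salt_1, False)
        == bcrypt_input(pw_b, salt_1, False),
        # Salted pre-hash: the same password yields a different value per salt.
        "same_pw_other_salt": bcrypt_input(pw_a, salt_1, False)
        == bcrypt_input(pw_a, salt_2, False),
        "prehash_len": len(bcrypt_input(pw_a, salt_1, False)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```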