- Issue created by @phenaproxima
- last update
12 months ago 29,811 pass - @phenaproxima opened merge request.
- Assigned to Wim Leers
- Status changed to Needs review
12 months ago 2:16pm 13 July 2023 - Assigned to phenaproxima
- Status changed to Needs work
12 months ago 5:07pm 13 July 2023 - last update
12 months ago 29,808 pass, 1 fail - 🇺🇸United States phenaproxima Massachusetts
Aren't these hashes consistently of a certain length?
It's hard to tell. The hashing code is this:
$hash = base64_encode(hash('sha256', $data, TRUE)); // Modify the hash so it's safe to use in URLs. return str_replace(['+', '/', '='], ['-', '_', ''], $hash);Since the hash is base64-encoded (for some reason), I cannot reliably tell what its length will be, and I'm not sure what a minimum valid length would be for an encoded SHA-256 hash. (I know that the hash itself has a deterministic length, but the base64 encoding of that hash?)
- last update
12 months ago Custom Commands Failed - last update
12 months ago Custom Commands Failed - last update
12 months ago 29,813 pass - last update
12 months ago 29,813 pass - Assigned to Wim Leers
- Status changed to Needs review
12 months ago 11:03pm 13 July 2023 - Assigned to phenaproxima
- Status changed to Needs work
12 months ago 9:00am 14 July 2023 - last update
12 months ago 29,815 pass - Assigned to Wim Leers
- Status changed to Needs review
12 months ago 3:04pm 18 July 2023 - Status changed to Needs work
12 months ago 9:50am 19 July 2023 - 🇧🇪Belgium borisson_ Mechelen, 🇧🇪
Aren't these hashes consistently of a certain length?
It's hard to tell. The hashing code is this:
$hash = base64_encode(hash('sha256', $data, TRUE)); // Modify the hash so it's safe to use in URLs. return str_replace(['+', '/', '='], ['-', '_', ''], $hash);Since the hash is base64-encoded (for some reason), I cannot reliably tell what its length will be, and I'm not sure what a minimum valid length would be for an encoded SHA-256 hash. (I know that the hash itself has a deterministic length, but the base64 encoding of that hash?)
I checked this with @znerol and @dawehner at drupal dev days in Vienna, we figured out that the length of the string is always 43 characters, we tested this with a sha of all zeroes, and one with all ones, and they all come out to a string of 44 characters, which includes one padding character. We also checked the RFC for base64: http://www.faqs.org/rfcs/rfc2045.html (chapter 6.8).
Here is a 3v4l with some of the code we used for verifying this. https://3v4l.org/AhYfp
I will leave out the python and other attempts we made at checking this.So I think this means we can check for the exact length, and it should always be 43.
- Status changed to Needs review
12 months ago 1:30pm 20 July 2023 - 🇺🇸United States phenaproxima Massachusetts
Feedback addressed. Back to review!
- last update
12 months ago 29,827 pass - Status changed to RTBC
12 months ago 2:10pm 20 July 2023 -
lauriii →
committed 4dcc2b28 on 11.x
Issue #3374394 by phenaproxima, Wim Leers, borisson_, dawehner, znerol:...
-
lauriii →
committed 4dcc2b28 on 11.x
- Status changed to Fixed
12 months ago 8:32am 21 July 2023 - Issue was unassigned.
- 🇧🇪Belgium Wim Leers Ghent 🇧🇪🇪🇺
Wonderful! 🤩 Thanks for pushing this one across the finish line, everyone! 😊
Automatically closed - issue fixed for 2 weeks with no activity.
