[Jamwiki-devel] Question about code fragment
Brought to you by:
wrh2
From: <jam...@li...> - 2013-03-10 18:56:55
|
Hi, I stumbled about JAMWiki not using any salt for password hashing and wanted to start a request about it. Than I figured JIRA exists and found JAMWIKI-36 ... So now I'm trying to take care about it. While crawling through the code, to get an image about who's using what, when and why I saw org.jamwiki.utils.Encryption.bytes2String(byte[]) and am wondering, what's the concrete intention behind it? I see what it does and from it's usage I see what's it currently expected to do. But to achieve the very same much simpler code would be sufficient. [1] So I fear there's something else "implied", which I don't see ... Anybody out there able to answer my question? Best regards, Peter [1]: 'new String(byteData, "US-ASCII")' or 'new String(byteData)' because simply casting byte to char is only valid for the very optimistic assumption every provided byte value represents a valid US-ASCII (or system default charset) character. The concrete question that came up to me is: what, if this method just returns a hex string representation of 'byte[]'? OTOH than Encryption.decrypt64(String) might break ... |