added an additinal has function scrypt-16384-1-8 to deal with argument flipping in NaviSever 4.99
Between 4.99.20 and 4.99.31 (inclusive) there is a argument flipping bug for ::ns_crypto::scrypt (the parameters "r" and "p" were interpreted with flipped semantics). In case you are using SCRYPT for your password hashes with an affected version, you have to change the hash argorithm from scrypt-16384-8-1 to scrypt-16384-1-8 to check the previouly hashed passwords correctly. NaviServer 5 is not affected by this.
Loading ...