#64: removed from scrypt output

CHANGELOG.md

@@ -3,10 +3,11 @@
 ## [1.6.0](https://github.com/Password4j/password4j/releases/tag/1.6.0) - (Coming soon)
 ### Changed
 * `BCryptFunction`, `SCryptFunction`, `#withBCrypt()`, `#withSCrypt()`, `getBCryptInstance()`, `getSCryptInstance()` to `BcryptFunction`, `ScryptFunction`, `#withBcrypt()`, `#withScrypt()`, `getBcryptInstance()`, `getScryptInstance()` ([#36](../../issues/36)).
+* Scrypt never prepends `$s0` to the result ([#64](../../issues/64)).
 
 ## [1.5.4](https://github.com/Password4j/password4j/releases/tag/1.5.4) - (2021-11-19)
 ### Fixed
-* Removed `slf4j-nop` which can cause issues if not excluded from the dependency tree ([#46](../../issues/46) 
+* Removed `slf4j-nop` which can cause issues if not excluded from the dependency tree ([#46](../../issues/46)) 
 
 ## [1.5.3](https://github.com/Password4j/password4j/releases/tag/1.5.3) - (2021-04-14)
 ### Fixed

src/main/java/com/password4j/ScryptFunction.java

@@ -89,13 +89,13 @@ protected ScryptFunction(int workFactor, int resources, int parallelization, int
     public static ScryptFunction getInstanceFromHash(String hashed)
     {
         String[] parts = hashed.split("\\$");
-        if (parts.length == 5)
+        if (parts.length == 4)
         {
-            long params = Long.parseLong(parts[2], 16);
+            long params = Long.parseLong(parts[1], 16);
             int workFactor = (int) Math.pow(2.0D, (double) (params >> 16 & 65535L));
             int resources = (int) params >> 8 & 255;
             int parallelization = (int) params & 255;
-            int derivedKeyLength = Utils.decodeBase64(parts[4]).length;
+            int derivedKeyLength = Utils.decodeBase64(parts[3]).length;
 
             return ScryptFunction.getInstance(workFactor, resources, parallelization, derivedKeyLength);
         }
@@ -255,7 +255,7 @@ private Hash internalHash(CharSequence plainTextPassword, byte[] salt)
         {
             byte[] derived = scrypt(Utils.fromCharSequenceToBytes(plainTextPassword), salt, derivedKeyLength);
             String params = Long.toString((long) Utils.log2(workFactor) << 16 | (long) resources << 8 | parallelization, 16);
-            String sb = "$s0$" + params + '$' + Utils.encodeBase64(salt) + '$'
+            String sb = "$" + params + '$' + Utils.encodeBase64(salt) + '$'
                     + Utils.encodeBase64(derived);
             return new Hash(this, sb, derived, stringedSalt);
         }
@@ -272,10 +272,10 @@ public boolean check(CharSequence plainTextPassword, String hashed)
         try
         {
             String[] parts = hashed.split("\\$");
-            if (parts.length == 5 && parts[1].equals("s0"))
+            if (parts.length == 4)
             {
-                byte[] salt = Utils.decodeBase64(parts[3]);
-                byte[] derived0 = Utils.decodeBase64(parts[4]);
+                byte[] salt = Utils.decodeBase64(parts[2]);
+                byte[] derived0 = Utils.decodeBase64(parts[3]);
                 byte[] derived1 = scrypt(Utils.fromCharSequenceToBytes(plainTextPassword), salt, derivedKeyLength);
                 return slowEquals(derived0, derived1);
             }
@@ -284,9 +284,9 @@ public boolean check(CharSequence plainTextPassword, String hashed)
                 throw new BadParametersException("Invalid hashed value");
             }
         }
-        catch (GeneralSecurityException var14)
+        catch (GeneralSecurityException gse)
         {
-            throw new IllegalStateException("JVM doesn't support SHA1PRNG or HMAC_SHA256?");
+            throw new IllegalStateException("JVM doesn't support SHA1PRNG or HMAC_SHA256?", gse);
         }
     }
 

src/test/com/password4j/PasswordTest.java

@@ -726,7 +726,7 @@ public void testScryptNonStandardParams()
         /*
          * This password hash was generated using com.lambdaworks:scrypt, which has a derived key length (dkLen) of 32 bytes.
          */
-        final String testHash = "$s0$e0801$fl+gNAicpGG4gLMkUTCvLw==$N5wE1IKsr4LPBoetJVW6jLzEH4kTVXuKGafvAA8Z+88=";
+        final String testHash = "$e0801$fl+gNAicpGG4gLMkUTCvLw==$N5wE1IKsr4LPBoetJVW6jLzEH4kTVXuKGafvAA8Z+88=";
         assertTrue(Password.check("Hello world!", testHash).with(ScryptFunction.getInstanceFromHash(testHash)));
     }
 

src/test/com/password4j/ScryptFunctionTest.java

@@ -46,8 +46,8 @@ public void testHash1()
         byte[] bytes = hash.getBytes();
 
         // THEN
-        String expected = "$s0$e0801$c2FsdA==$dFcxr0SE8yOWiWntoomu7gBbWQOsVh5kpayhIXl793NO+f1YQi4uIhg7ysup7Ie6DIO3oueI8Dzg2gZGNDPNpg==";
-        byte[] expectedBytes = Base64.getDecoder().decode(expected.split("\\$")[4]);
+        String expected = "$e0801$c2FsdA==$dFcxr0SE8yOWiWntoomu7gBbWQOsVh5kpayhIXl793NO+f1YQi4uIhg7ysup7Ie6DIO3oueI8Dzg2gZGNDPNpg==";
+        byte[] expectedBytes = Base64.getDecoder().decode(expected.split("\\$")[3]);
         Assert.assertEquals(expected, result);
         Assert.assertArrayEquals(expectedBytes, bytes);
 
@@ -61,7 +61,7 @@ public void testHash2()
 
         // WHEN
         boolean result = new ScryptFunction(16384, 8, 1)
-                .check(password, "$s0$e0801$c2FsdA==$dFcxr0SE8yOWiWntoomu7gBbWQOsVh5kpayhIXl793NO+f1YQi4uIhg7ysup7Ie6DIO3oueI8Dzg2gZGNDPNpg==");
+                .check(password, "$e0801$c2FsdA==$dFcxr0SE8yOWiWntoomu7gBbWQOsVh5kpayhIXl793NO+f1YQi4uIhg7ysup7Ie6DIO3oueI8Dzg2gZGNDPNpg==");
 
         // THEN
         Assert.assertTrue(result);
@@ -75,7 +75,7 @@ public void testHash3()
         String salt = "salt";
 
         // WHEN
-        boolean result = new ScryptFunction(16384, 8, 1).check(password, "$s0$e0801$c2FsdA==$c2FsdA==");
+        boolean result = new ScryptFunction(16384, 8, 1).check(password, "$e0801$c2FsdA==$c2FsdA==");
 
         // THEN
         Assert.assertFalse(result);
@@ -107,7 +107,7 @@ public void testWrongCheck()
         Hash hash = new ScryptFunction(16384, 8, 1).hash(password, salt);
 
         // THEN
-        Assert.assertFalse(hash.getHashingFunction().check(password, "$s0$e0801$c2FsdA==$YXNkYXNkYXNkYXNk"));
+        Assert.assertFalse(hash.getHashingFunction().check(password, "$e0801$c2FsdA==$YXNkYXNkYXNkYXNk"));
     }
 
     @Test
@@ -227,7 +227,7 @@ public void testBadParameters7()
         // GIVEN
 
         // WHEN
-        new ScryptFunction(16384, 8, 1).check("password", "$s0e0801$c2FsdA==$dFcxr0SE8yOWiWntoomu7gBbWQOsVh5kpayhIXl793NO+f1YQi4uIhg7ysup7Ie6DIO3oueI8Dzg2gZGNDPNpg==");
+        new ScryptFunction(16384, 8, 1).check("password", "$e0801c2FsdA==$dFcxr0SE8yOWiWntoomu7gBbWQOsVh5kpayhIXl793NO+f1YQi4uIhg7ysup7Ie6DIO3oueI8Dzg2gZGNDPNpg==");
     }
 
     @Test

src/test/org/example/project/PublicPasswordTest.java

@@ -32,10 +32,10 @@ public class PublicPasswordTest
             new TestSuite("$2a$14$7rdjAp2vQxO0hCK9GvniqeKURflehmGaW5C2CLOONKZauODS7xOGW", "password4j", "$2a$14$7rdjAp2vQxO0hCK9Gvniqe", null,
                     BcryptFunction.getInstance(14)),
 
-            new TestSuite("$s0$e0801$c2FsdA==$dFcxr0SE8yOWiWntoomu7gBbWQOsVh5kpayhIXl793NO+f1YQi4uIhg7ysup7Ie6DIO3oueI8Dzg2gZGNDPNpg==", "word", "salt",
+            new TestSuite("$e0801$c2FsdA==$dFcxr0SE8yOWiWntoomu7gBbWQOsVh5kpayhIXl793NO+f1YQi4uIhg7ysup7Ie6DIO3oueI8Dzg2gZGNDPNpg==", "word", "salt",
                     "pass", ScryptFunction.getInstance(16384, 8, 1)),
 
-            new TestSuite("$s0$a0402$bm90UmFuZG9t$upriFfo7v+aAUqOKDpguh0duZlAHiKcQOLM0k/xFcBg7qfRcDfYLEZe/60+b+4NtA1M70LUI0IRY+3+ybuLMZg==", "known", "notRandom",
+            new TestSuite("$a0402$bm90UmFuZG9t$upriFfo7v+aAUqOKDpguh0duZlAHiKcQOLM0k/xFcBg7qfRcDfYLEZe/60+b+4NtA1M70LUI0IRY+3+ybuLMZg==", "known", "notRandom",
                     "un", ScryptFunction.getInstance(1024, 4, 2)),
 
             new TestSuite("$argon2id$v=19$m=1024,t=3,p=12$MTExMTExMTE$0PUE8wVEaK0qdjms3b4pTZOs0+00S/+9j28WZ3gMUno", "first!", "11111111",