From 405208a5dec0742ab946424d6fa11b6e15d9c16b Mon Sep 17 00:00:00 2001
From: Looly
Date: Sat, 8 May 2021 11:07:28 +0800
Subject: [PATCH] fix Bcrypt bug
---
 CHANGELOG.md | 1 +
 .../src/main/java/cn/hutool/crypto/digest/BCrypt.java | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 172941f18..b8e4fd41e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@
 * 【core 】 修复Tailer无stop问题(issue#I3PQLQ@Gitee)
 * 【core 】 修复空白excel读取报错问题(issue#1552@Github)
 * 【extra 】 修复Sftp.mkDirs报错问题(issue#1536@Github)
+* 【core 】 修复Bcrypt不支持$2y$盐前缀问题(pr#1560@Github)
 -------------------------------------------------------------------------------------------------------------
diff --git a/hutool-crypto/src/main/java/cn/hutool/crypto/digest/BCrypt.java b/hutool-crypto/src/main/java/cn/hutool/crypto/digest/BCrypt.java
index 6aaf5c318..511691e16 100644
--- a/hutool-crypto/src/main/java/cn/hutool/crypto/digest/BCrypt.java
+++ b/hutool-crypto/src/main/java/cn/hutool/crypto/digest/BCrypt.java
@@ -424,7 +424,9 @@ public class BCrypt {
 off = 3;
 else {
 minor = salt.charAt(2);
- if (minor != 'a' || salt.charAt(3) != '$')
+ // pr#1560@Github
+ // 修正一个在Blowfish实现上的安全风险
+ if ((minor != 'a' && minor != 'x' && minor != 'y' && minor != 'b') || salt.charAt(3) != '$')
 throw new IllegalArgumentException("Invalid salt revision");
 off = 4;
 }
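Review bot: The widened revision check in BCrypt.java also admits `'x'`, although the CHANGELOG entry only mentions `$2y$`, and the added comment describes the change as fixing a security risk in the Blowfish implementation when the visible lines only relax prefix validation. `$2x$` is the marker crypt_blowfish uses for hashes produced by its old sign-extension bug, so unless the rest of this method (which lies outside the hunk) reproduces that behaviour, such hashes will not verify for passwords containing 8-bit characters, and any hash generated from a `$2x$` salt would be labelled as the buggy variant while being computed the standard way. I would drop `'x'` or handle it explicitly, i.e. `if ((minor != 'a' && minor != 'y' && minor != 'b') || salt.charAt(3) != '$')`, and reword the comment to something like `// pr#1560@Github: accept the $2a$, $2b$ and $2y$ revision markers; the hash computation itself is unchanged`. A test that verifies a known `$2y$` hash and rejects an unknown minor revision would pin this down.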