Sorry, I see I wasn’t very clear in my earlier posts.
(And yes, a TAOW case has been opened).
We have been using Generate password hash for our own 4D login system for a couple of years.
We made a 4D method to call Generate password hash, so we would always use the same settings - bcrypt, cost 12.
All native 4D code, no problems to date.
We just began using it for web-based users. Our web solution is based on Active4D.
Prior to this we had used TEA encrypt/decrypt code posted to the 4D community many years ago.
Now we don’t want to store decryptable passwords, so we’re using Generate password hash.
We are seeing it fail on a single, short (bad) password, when logging in from the web.
It does not fail if we use that same password for our home-grown 4D login.
The customer wants it fixed, and the customer is always right!
We had trouble reproducing the error on our own systems, so we were attempting some tests on their system.
One way to do that is to create a SuperReport to call the password hashing and verifying routines.
We also tried it from an execute command utility we have in our 4D app. It also throws an error there.
It seems like it might be related to calling the code indirectly - from execute or from a plugin.