Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
[Security] Add Argon2idPasswordEncoder#30968
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
ac746ec to7e82a64Comparesrc/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
fabpot commentedApr 8, 2019
Thank you@chalasr. |
This PR was merged into the 4.3-dev branch.Discussion----------[Security] Add Argon2idPasswordEncoder| Q | A| ------------- | ---| Branch? | master| Bug fix? | no| New feature? | yes| BC breaks? | no| Deprecations? | yes| Tests pass? | yes| Fixed tickets |#28093| License | MIT| Doc PR | TODOCurrently we have a `Argon2iPasswordEncoder` that may hash passwords using `argon2id` instead of `argon2i` (platform-dependent) which is not good.This deprecates producing/validating `argon2id` hashed passwords using the `Argon2iPasswordEncoder`, and adds a `Argon2idPasswordEncoder` able to produce/validate `argon2id` hashed passwords only.#EUFOSSACommits-------0c82173 [Security] Add Argon2idPasswordEncoder
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.phpShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
| publicfunctiontestEncodersWithArgon2id() | ||
| { | ||
| if (!Argon2idPasswordEncoder::isSupported()) { | ||
| $this->markTestSkipped('Argon2i algorithm is not supported.'); |
bigfoot90Apr 10, 2019 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Argon2id algorithm is not supported.
Currently we have a
Argon2iPasswordEncoderthat may hash passwords usingargon2idinstead ofargon2i(platform-dependent) which is not good.This deprecates producing/validating
argon2idhashed passwords using theArgon2iPasswordEncoder, and adds aArgon2idPasswordEncoderable to produce/validateargon2idhashed passwords only.#EUFOSSA