From 2aadb30e74ef06f2e716b2fe37564d78d8c064d3 Mon Sep 17 00:00:00 2001
From: kenjis
Date: Tue, 15 Nov 2022 09:12:26 +0900
Subject: [PATCH 1/2] docs: update doc comments on hashing algorithm

---
 src/Config/Auth.php | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/src/Config/Auth.php b/src/Config/Auth.php
index 7d40bf424..2c094c9ea 100644
--- a/src/Config/Auth.php
+++ b/src/Config/Auth.php
@@ -278,30 +278,23 @@ class Auth extends BaseConfig

 /**
 * --------------------------------------------------------------------
- * Encryption Algorithm to use
+ * Hashing Algorithm to use
 * --------------------------------------------------------------------
 * Valid values are
 * - PASSWORD_DEFAULT (default)
 * - PASSWORD_BCRYPT
 * - PASSWORD_ARGON2I - As of PHP 7.2 only if compiled with support for it
 * - PASSWORD_ARGON2ID - As of PHP 7.3 only if compiled with support for it
- *
- * If you choose to use any ARGON algorithm, then you might want to
- * uncomment the "ARGON2i/D Algorithm" options to suit your needs
 */
 public string $hashAlgorithm = PASSWORD_DEFAULT;

 /**
 * --------------------------------------------------------------------
- * ARGON2i/D Algorithm options
+ * ARGON2I/ARGON2ID Algorithm options
 * --------------------------------------------------------------------
- * The ARGON2I method of encryption allows you to define the "memory_cost",
+ * The ARGON2I method of hashing allows you to define the "memory_cost",
 * the "time_cost" and the number of "threads", whenever a password hash is
 * created.
- * This defaults to a value of 10 which is an acceptable number.
- * However, depending on the security needs of your application
- * and the power of your hardware, you might want to increase the
- * cost. This makes the hashing process takes longer.
 */
 public int $hashMemoryCost = 2048; // PASSWORD_ARGON2_DEFAULT_MEMORY_COST;

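Review bot: The rewritten ARGON2 options comment in the `@@ -278,30 +278,23 @@` hunk still names only one variant in its body, `The ARGON2I method of hashing allows you to define the "memory_cost",`, while the new heading reads `ARGON2I/ARGON2ID Algorithm options` and the `hashAlgorithm` comment lists both constants. I would word the sentence `The ARGON2I and ARGON2ID methods of hashing allow you to define the "memory_cost",` so a reader who selects PASSWORD_ARGON2ID can see that these settings are presumably meant for it too. The paragraph removed from this block was the only tuning guidance it had; one replacement line such as `Higher memory and time cost make each password guess more expensive, at the price of slower logins.` would keep it on a par with the BCRYPT block.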
@@ -310,9 +303,9 @@ class Auth extends BaseConfig

 /**
 * --------------------------------------------------------------------
- * Password Hashing Cost
+ * BCRYPT Algorithm options
 * --------------------------------------------------------------------
- * The BCRYPT method of encryption allows you to define the "cost"
+ * The BCRYPT method of hashing allows you to define the "cost"
 * or number of iterations made, whenever a password hash is created.
 * This defaults to a value of 10 which is an acceptable number.
 * However, depending on the security needs of your application

From 5483ecac201e0d184e69ec01512a3b6e2411b80e Mon Sep 17 00:00:00 2001
From: kenjis
Date: Tue, 15 Nov 2022 09:13:15 +0900
Subject: [PATCH 2/2] docs: update values for ARGON2I/ARGON2ID Algorithm options

---
 src/Config/Auth.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/Config/Auth.php b/src/Config/Auth.php
index 2c094c9ea..7ef2cd9bf 100644
--- a/src/Config/Auth.php
+++ b/src/Config/Auth.php
@@ -296,10 +296,10 @@ class Auth extends BaseConfig
 * the "time_cost" and the number of "threads", whenever a password hash is
 * created.
 */
- public int $hashMemoryCost = 2048; // PASSWORD_ARGON2_DEFAULT_MEMORY_COST;
+ public int $hashMemoryCost = 65536; // PASSWORD_ARGON2_DEFAULT_MEMORY_COST;

- public int $hashTimeCost = 4; // PASSWORD_ARGON2_DEFAULT_TIME_COST;
- public int $hashThreads = 4; // PASSWORD_ARGON2_DEFAULT_THREADS;
+ public int $hashTimeCost = 4; // PASSWORD_ARGON2_DEFAULT_TIME_COST;
+ public int $hashThreads = 1; // PASSWORD_ARGON2_DEFAULT_THREADS;

 /**
 * --------------------------------------------------------------------
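Review bot: The new Argon2 defaults in the `@@ -296,10 +296,10 @@` hunk of PATCH 2/2 are bare literals with no unit, and `memory_cost` is given in KiB, so `65536` means about 64 MiB for every hash computed where the old `2048` meant 2 MiB. I would say so next to the property, e.g. `// 65536 KiB = 64 MiB per hash; concurrent logins each allocate this much`, because that figure drives capacity planning for the login endpoint. Hashes created with the previous 2048/4/4 parameters will still verify, but they are only brought up to the new cost if the login path calls `password_needs_rehash()`, which is not visible in this hunk. The trailing comments name `PASSWORD_ARGON2_DEFAULT_*` while the values are hard-coded, presumably because those constants are undefined on PHP builds without Argon2; a one-line comment stating that reason would make it clear the literals have to be kept in step with PHP by hand.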