Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added support for argon2i and argon2id password hashes to PassHash.ph… #2957

Merged
merged 3 commits into from
Jan 15, 2020
Merged

Added support for argon2i and argon2id password hashes to PassHash.ph… #2957

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
1f993c3
Added support for argon2i and argon2id password hashes to PassHash.ph…
einhirn Jan 9, 2020
38a4a86
Added password change support for argon2i/argon2id, added matching co…
einhirn Jan 9, 2020
b9b08db
removed unused 'salt' parameter from function definition...
einhirn Jan 9, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
42 changes: 42 additions & 0 deletions inc/PassHash.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,11 @@ public function verify_hash($clear, $hash) {
$method = 'sha512';
$salt = $m[2];
$magic = $m[1];
} elseif(preg_match('/^\$(argon2id?)/', $hash, $m)) {
if(!defined('PASSWORD_'.strtoupper($m[1]))) {
throw new \Exception('This PHP installation has no '.strtoupper($m[1]).' support');
}
return password_verify($clear,$hash);
} elseif($len == 32) {
$method = 'md5';
} elseif($len == 40) {
Expand Down Expand Up @@ -591,6 +596,43 @@ public function hash_mediawiki($clear, $salt = null) {
return ':B:'.$salt.':'.md5($salt.'-'.md5($clear));
}


/**
* Password hashing method 'argon2i'
*
* Uses php's own password_hash function to create argon2i password hash
* Default Cost and thread options are used for now.
*
* @link https://www.php.net/manual/de/function.password-hash.php
*
* @param string $clear The clear text to hash
* @return string Hashed password
*/
public function hash_argon2i($clear) {
if(!defined('PASSWORD_ARGON2I')) {
throw new \Exception('This PHP installation has no ARGON2I support');
}
return password_hash($clear,PASSWORD_ARGON2I);
}

/**
* Password hashing method 'argon2id'
*
* Uses php's own password_hash function to create argon2id password hash
* Default Cost and thread options are used for now.
*
* @link https://www.php.net/manual/de/function.password-hash.php
*
* @param string $clear The clear text to hash
* @return string Hashed password
*/
public function hash_argon2id($clear) {
if(!defined('PASSWORD_ARGON2ID')) {
throw new \Exception('This PHP installation has no ARGON2ID support');
}
return password_hash($clear,PASSWORD_ARGON2ID);
}

/**
* Wraps around native hash_hmac() or reimplents it
*
Expand Down
2 changes: 1 addition & 1 deletion lib/plugins/config/settings/config.metadata.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,7 @@
$meta['authtype'] = array('authtype','_caution' => 'danger');
$meta['passcrypt'] = array('multichoice','_choices' => array(
'smd5','md5','apr1','sha1','ssha','lsmd5','crypt','mysql','my411','kmd5','pmd5','hmd5',
'mediawiki','bcrypt','djangomd5','djangosha1','djangopbkdf2_sha1','djangopbkdf2_sha256','sha512'
'mediawiki','bcrypt','djangomd5','djangosha1','djangopbkdf2_sha1','djangopbkdf2_sha256','sha512','argon2i','argon2id'
));
$meta['defaultgroup']= array('string');
$meta['superuser'] = array('string','_caution' => 'danger');
Expand Down