Matt Robinson inanimatt

Organizations

@tuimedia
@inanimatt
  • @inanimatt 4095d04
    Fix deprecation warning in sf 2.2+
inanimatt commented on pull request symfony/symfony#14032

Nice work, @ogizanagi, it's very much improved. And thanks again (and sorry) to @saro0h for the initial work on this. We got there in the end :)

inanimatt commented on pull request symfony/symfony#14032

Very minor point: "The command will generate a salt for you" would be more simple and more correct (otherwise "take care of") :smile:

inanimatt commented on pull request symfony/symfony#14032

Thank you @fabpot @javiereguiluz "never assume anything on behalf of the developer" is a guideline. It's a great guideline. But it's not dogma. I …

inanimatt commented on pull request symfony/symfony#14032

@javiereguiluz I agree very strongly with the first two bullets, but not with the last one. I really don't see the value of being able to specify a…

inanimatt commented on issue symfony/symfony#13988

Yeah I dunno, I kinda give up. All I can think of as a straightforward solution is… if the encoderfactory gives back an instance of bcryptpassworde…

inanimatt commented on issue symfony/symfony#13988

@ogizanagi - yep, kill the salt option. But then… I think the common case is "someone wants a bcrypt hash to put into security.yml/database" - so t…

inanimatt commented on issue symfony/symfony#13988

@ircmaxell Trying to be pragmatic, what I'm proposing is that the command never asks the user for a salt - it'll generate one if it needs to, and d…

inanimatt deleted branch patch-3 at inanimatt/symfony
inanimatt commented on pull request symfony/symfony#14018

I should probably add that this is related to #13988

inanimatt opened pull request symfony/symfony#14018
Improve entropy of generated salt
1 commit with 1 addition and 1 deletion
@inanimatt
  • @inanimatt d9b2500
    Improve entropy of generated salt
inanimatt commented on issue symfony/symfony#13988

Thanks for putting up with me. I'm almost done. I'll make another issue to improve the generated salt. Seems like a lot of fuss, but… okay :) I agr…

inanimatt commented on issue symfony/symfony#13988

I wanted to stop after that last comment, honest I did. @ogizanagi what do you mean will not fail? They won't throw an exception, but you also won'…

inanimatt commented on issue symfony/symfony#13988

@ogizanagi Yep, of the built-in encoders, both MessageDigestPasswordEncoder and Pbkdf2PasswordEncoder require a salt to be present, and neither che…

inanimatt commented on issue symfony/symfony#13988

@ogizanagi … but then all the other encoders would fail, wouldn't they? :)

inanimatt commented on issue symfony/symfony#13988

@saro0h I definitely want it to be that simple too! :smile: But forcing our own salt on the bcrypt encoder seems like a bad idea. I'm nearly certain that

inanimatt commented on issue symfony/symfony#13988

@ogizanagi oh yes, that's the encoder's behaviour 100% agreed, but I think this command will try to provide a generated salt, which would override …

inanimatt commented on issue symfony/symfony#13988

One thing that's bothering me (at the risk of invoking @ircmaxell) … with the bcrypt encoder (which uses password_hash($pw, PASSWORD_BCRYPT)), my un…

inanimatt commented on issue symfony/symfony#13988

This looks good to me - @ogizanagi ? One thing: I do wonder if you should need to specify --generate-salt… I haven't thought this through very dee…

inanimatt commented on issue symfony/symfony#13988

Beat me to it, and in a much more complete way <3

@inanimatt

Also didn't mean to sound negative, this is a great idea and a useful contribution, thanks!

@inanimatt

Why allow salt to be specified? In fact it's required if you don't want to give command line input? Traditionally people generate weaker salts than…

@inanimatt
More helpful error response
inanimatt commented on issue atst/stack-backstage#3

Works for me! And no additional load when out of maintenance is plenty elegant enough for me. Thanks <3

inanimatt commented on issue atst/stack-backstage#3

Well… poop. Short of restarting php-fpm, I’m out of ideas! On 5 Mar 2015, at 15:14, Dave Marshall notifications@github.com wrote: That wouldn't cl…

inanimatt commented on issue atst/stack-backstage#3

Yeah it doesn’t strike me as particularly elegant either, though it’s not the whole stat cache, at least. The only other way I can think of dealing…