Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

password_hash: Update script to generate cost recommendations #2784

Merged
merged 1 commit into from
Sep 22, 2023
Merged

password_hash: Update script to generate cost recommendations #2784

merged 1 commit into from
Sep 22, 2023

Conversation

TimWolla
Copy link
Member

50 ms is way to short to generate actually secure hashes. Update the recommendation to 350 ms with a starting cost of 10 (the current default) and example output of 12.

see https://wiki.php.net/rfc/bcrypt_cost_2023

/cc @roycewilliams

@TimWolla
password_hash: Update script to generate cost recommendations
385a3de 
50 ms is way to short to generate actually secure hashes. Update the
recommendation to 350 ms with a starting cost of 10 (the current default) and
example output of 12.

see https://wiki.php.net/rfc/bcrypt_cost_2023
TimWolla added a commit to TimWolla/php-doc-en that referenced this pull request Sep 22, 2023
@TimWolla
password_needs_rehash: Fix example
12a6171 
The old example was broken, because the `cost` option is only valid for bcrypt,
but not for argon2. Thus in case the default algorithm actually changes, the
example would be broken.

Also update the example costs with 12 as per php#2784.
@TimWolla TimWolla mentioned this pull request Sep 22, 2023
Merged
Girgias
Girgias approved these changes Sep 22, 2023
View reviewed changes
Copy link
Member

@Girgias Girgias left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be nice to get rid of the personalisation too (usage of you in the docs)

@Girgias Girgias merged commit c6b9528 into php:master Sep 22, 2023
2 checks passed
Girgias pushed a commit that referenced this pull request Sep 22, 2023
@TimWolla
password_needs_rehash: Fix example (#2786)
c3dce34 
The old example was broken, because the `cost` option is only valid for bcrypt,
but not for argon2. Thus in case the default algorithm actually changes, the
example would be broken.

Also update the example costs with 12 as per #2784.
@TimWolla TimWolla deleted the password-hash-cost branch October 18, 2023 14:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Girgias Girgias Girgias approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@TimWolla @Girgias