[Security] Add Argon2idPasswordEncoder #30968

Merged
merged 1 commit into from Apr 8, 2019

@chalasr (Member) commented Apr 7, 2019

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | yes
| Tests pass?   | yes
| Fixed tickets | #28093
| License       | MIT
| Doc PR        | TODO

Currently we have an `Argon2iPasswordEncoder` that may hash passwords using `argon2id` instead of `argon2i` (platform-dependent), which is not good.
This deprecates producing/validating `argon2id` hashed passwords using the `Argon2iPasswordEncoder`, and adds an `Argon2idPasswordEncoder` able to produce/validate `argon2id` hashed passwords only.

#EUFOSSA
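
The ambiguity described above can be audited from the stored hash strings themselves, because the variant is the first `$`-delimited field. This is an added example, not code from this PR or from Symfony: the function names are hypothetical, the sample rows are constructed placeholders, and it assumes the hash layout that PHP's `password_hash()` emits.

```php
<?php
declare(strict_types=1);

// Parse an Argon2 hash string in the layout PHP's password_hash() emits:
//   $<variant>$v=<version>$m=<memory>,t=<time>,p=<threads>$<salt>$<digest>
// Returns null for anything that is not a well-formed Argon2 string.
function parseArgon2Hash(string $encoded): ?array
{
    $re = '#^\$(argon2(?:id|i|d))\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$#D';
    if (1 !== preg_match($re, $encoded, $f)) {
        return null;
    }
    return ['variant' => $f[1], 'version' => (int) $f[2],
            'm' => (int) $f[3], 't' => (int) $f[4], 'p' => (int) $f[5]];
}

// Strict gate (hypothetical helper): accept a stored hash only when its
// variant is exactly the one the encoder is named for.
function hashMatchesEncoder(string $encoded, string $expectedVariant): bool
{
    $info = parseArgon2Hash($encoded);
    return null !== $info && $info['variant'] === $expectedVariant;
}

// Audit (hypothetical helper): map each user to the variant actually stored
// whenever it differs from the variant the configured encoder claims.
function findMismatchedHashes(array $storedHashes, string $configuredVariant): array
{
    $mismatches = [];
    foreach ($storedHashes as $user => $encoded) {
        $actual = parseArgon2Hash($encoded)['variant'] ?? 'not-argon2';
        if ($actual !== $configuredVariant) {
            $mismatches[$user] = $actual;
        }
    }
    return $mismatches;
}

// Constructed sample rows: salts and digests are placeholders, not real hashes.
$digest = str_repeat('A', 43);
$salt = 'Y29uc3RydWN0ZWRzYWx0';
$stored = [
    'alice' => '$argon2i$v=19$m=65536,t=4,p=1$' . $salt . '$' . $digest,
    'bob'   => '$argon2id$v=19$m=65536,t=4,p=1$' . $salt . '$' . $digest,
    'carol' => '$2y$13$' . str_repeat('B', 53),
];

print_r(findMismatchedHashes($stored, 'argon2i'));
var_dump(hashMatchesEncoder($stored['bob'], 'argon2id'));
```

Run against a user table configured for `argon2i`, the audit lists the accounts whose hashes were produced as `argon2id` (or as another algorithm entirely) and therefore need the matching encoder or a rehash on next login.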

@chalasr chalasr added this to the next milestone Apr 7, 2019

@chalasr chalasr force-pushed the chalasr:argon2id branch 4 times, most recently from ac746ec to 7e82a64 Apr 7, 2019

@chalasr chalasr force-pushed the chalasr:argon2id branch from 7e82a64 to 0c82173 Apr 7, 2019

fabpot approved these changes Apr 8, 2019

@fabpot (Member) commented Apr 8, 2019

Thank you @chalasr.

@fabpot fabpot merged commit 0c82173 into symfony:master Apr 8, 2019

1 of 3 checks passed

- continuous-integration/appveyor/pr: AppVeyor build failed
- continuous-integration/travis-ci/pr: The Travis CI build failed
- fabbot.io: Your code looks good.

fabpot added a commit that referenced this pull request Apr 8, 2019

feature #30968 [Security] Add Argon2idPasswordEncoder (chalasr)
This PR was merged into the 4.3-dev branch.

Discussion
----------

[Security] Add Argon2idPasswordEncoder

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | yes
| Tests pass?   | yes
| Fixed tickets | #28093
| License       | MIT
| Doc PR        | TODO

Currently we have an `Argon2iPasswordEncoder` that may hash passwords using `argon2id` instead of `argon2i` (platform-dependent), which is not good.
This deprecates producing/validating `argon2id` hashed passwords using the `Argon2iPasswordEncoder`, and adds an `Argon2idPasswordEncoder` able to produce/validate `argon2id` hashed passwords only.

#EUFOSSA

Commits
-------

0c82173 [Security] Add Argon2idPasswordEncoder

@chalasr chalasr deleted the chalasr:argon2id branch Apr 8, 2019

public function testEncodersWithArgon2id()
{
if (!Argon2idPasswordEncoder::isSupported()) {
$this->markTestSkipped('Argon2i algorithm is not supported.');
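
Review bot: the skip message in testEncodersWithArgon2id() names the wrong algorithm. The guard checks Argon2idPasswordEncoder::isSupported(), but markTestSkipped() reports 'Argon2i algorithm is not supported.', so a skipped run on a platform without argon2id support would be attributed to argon2i. Suggest changing the message to 'Argon2id algorithm is not supported.' so the test output matches the encoder under test.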

bigfoot90 Apr 10, 2019

Argon2id algorithm is not supported.

@nicolas-grekas nicolas-grekas modified the milestones: next, 4.3 Apr 30, 2019

@fabpot fabpot referenced this pull request May 9, 2019

Merged

Release v4.3.0-BETA1 #31435
