Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security/Core] Fix checking for SHA256/SHA512 passwords #34763

Merged

Conversation

@dbrooksjr
Copy link

dbrooksjr commented Dec 2, 2019

Q A
Branch? 4.4
Bug fix? yes
New feature? no
Deprecations? no
Tickets Fix #...
License MIT
Doc PR symfony/symfony-docs#...
Copy link
Member

nicolas-grekas left a comment

SodiumPasswordEncoder needs something similar.

Copy link
Member

nicolas-grekas left a comment

As a bugfix on 4.4

@nicolas-grekas nicolas-grekas added this to the 4.4 milestone Dec 3, 2019
@nicolas-grekas nicolas-grekas changed the title Add support for validating SHA256/SHA512 passwords [Security/Core] Fix checking for SHA256/SHA512 passwords Dec 3, 2019
@nicolas-grekas nicolas-grekas changed the base branch from master to 4.4 Dec 3, 2019
@nicolas-grekas nicolas-grekas changed the base branch from 4.4 to master Dec 3, 2019
@nicolas-grekas nicolas-grekas force-pushed the dbrooksjr:address-sha256-sha512-passwords branch from 4258b5e to b8ce30f Dec 3, 2019
@nicolas-grekas nicolas-grekas changed the base branch from master to 4.4 Dec 3, 2019
@nicolas-grekas nicolas-grekas force-pushed the dbrooksjr:address-sha256-sha512-passwords branch from b8ce30f to 5acf549 Dec 3, 2019
@nicolas-grekas nicolas-grekas force-pushed the dbrooksjr:address-sha256-sha512-passwords branch from 5acf549 to 799c85b Dec 3, 2019
@nicolas-grekas

This comment has been minimized.

Copy link
Member

nicolas-grekas commented Dec 3, 2019

Thank you @dbrooksjr.

nicolas-grekas added a commit that referenced this pull request Dec 3, 2019
…David Brooks)

This PR was merged into the 4.4 branch.

Discussion
----------

[Security/Core] Fix checking for SHA256/SHA512 passwords

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License       | MIT
| Doc PR        | symfony/symfony-docs#... <!-- required for new features -->
<!--
The code to validate bcrypt passwords (#31763) needs to include SHA256 and SHA512-hashed passwords.  These are used on RedHat (and derived) systems.

Since SHA256/512 don't appear to have a limit of 72 characters, I simply created a new if() block.
-->

Commits
-------

799c85b [Security/Core] Fix checking for SHA256/SHA512 passwords
@nicolas-grekas nicolas-grekas merged commit 799c85b into symfony:4.4 Dec 3, 2019
1 of 3 checks passed
1 of 3 checks passed
continuous-integration/appveyor/pr Waiting for AppVeyor build to complete
Details
continuous-integration/travis-ci/pr The Travis CI build is in progress
Details
fabbot.io Your code looks good.
Details
@dbrooksjr dbrooksjr deleted the dbrooksjr:address-sha256-sha512-passwords branch Dec 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.