Implement BcryptSha Hashing & Harden Verification Checks #7141
Conversation
* Zend Framework (http://framework.zend.com/) | ||
* | ||
* @link http://github.com/zendframework/zf2 for the canonical source repository | ||
* @copyright Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
2015
…ger password >72 chars to acceptable length
002f045
to
81d94a4
Compare
For the inevitable commenters who have read: http://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html — this patch follows the practices outlined in Anthony's post already. |
Implement BcryptSha Hashing & Harden Verification Checks
Merged to develop for release with 2.4; @padraic — please provide documentation in the zf2-documentation repo. :) |
…secimprov Implement BcryptSha Hashing & Harden Verification Checks
This PR, as discussed, implements several security improvements:
Noting PR is against master at present.