From: Daniel Supernault Date: Mon, 12 Mar 2018 02:39:47 +0000 (-0600) Subject: [CORE] Add Argon2I support X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=c09f1c24436ceb2ba4063e12e545c537b45008a3;p=quix0rs-gnu-social.git [CORE] Add Argon2I support Add Argon2I support, disabled by default. --- diff --git a/plugins/AuthCrypt/AuthCryptPlugin.php b/plugins/AuthCrypt/AuthCryptPlugin.php index cae1973c38..388040bd4d 100644 --- a/plugins/AuthCrypt/AuthCryptPlugin.php +++ b/plugins/AuthCrypt/AuthCryptPlugin.php @@ -36,6 +36,7 @@ class AuthCryptPlugin extends AuthenticationPlugin protected $hash = '$6$'; // defaults to SHA512, i.e. '$6$', in onInitializePlugin() protected $statusnet = true; // if true, also check StatusNet style password hash protected $overwrite = true; // if true, password change means overwrite with crypt() + protected $argon = false; // Use Argon if supported. public $provider_name = 'password_hash'; // not actually used @@ -115,10 +116,16 @@ class AuthCryptPlugin extends AuthenticationPlugin public function hashPassword($password, Profile $profile=null) { if(function_exists('password_hash')) { + + $algorithm = PASSWORD_DEFAULT; + + if($this->argon && version_compare(PHP_VERSION, '7.2.0') == 1) { + $algorithm = PASSWORD_ARGON2I; + } // Use the modern password hashing algorithm // http://php.net/manual/en/function.password-hash.php // Uses PASSWORD_BCRYPT by default, with PASSWORD_ARGON2I being the next possible default in future versions - return password_hash($password, PASSWORD_DEFAULT); + return password_hash($password, $algorithm); } else { // Fallback to previous hashing function if phpversion() < 5.5 // A new, unique salt per new record stored...