
Change password_hash() algorithm from CRYPT_BLOWFISH to PASSWORD_BCRYPT.
Closed, Public

Authored by wenyu on Apr 18 2014, 8:36 PM.
Details

Summary

PHP 5.5 specifies constant PASSWORD_BCRYPT should be used in password_hash()
instead of CRYPT_BLOWFISH. Using CRYPT_BLOWFISH is not supported in either PHP
or HHVM. This constant breaks Username / Password authentication.

Test Plan

Log in using Username/Password with a bcrypt hash. Before applying the patch,
no matter what password is entered, it will always fail authentication. After this
patch, the user should be able to log in with a bcrypt hash.

Diff Detail

Repository
rP Phabricator
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

wenyu retitled this revision from to Change password_hash() algorithm from CRYPT_BLOWFISH to PASSWORD_BCRYPT..
wenyu updated this object.
wenyu edited the test plan for this revision.
wenyu added reviewers: epriestley, btrahan.
epriestley edited edge metadata.

Thanks! On my system (Zend PHP 5.5.8 on OS X), these constants both have value 1, which is how I missed this originally.

This revision is now accepted and ready to land. Apr 18 2014, 8:38 PM
epriestley updated this revision to Diff 20907.

Closed by commit rPba956711a56b (authored by @wenyu, committed by @epriestley).
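
The summary and the review comment above describe a bug that stays hidden wherever `CRYPT_BLOWFISH` and `PASSWORD_BCRYPT` happen to share a value. The following self-check is an added example, not code from this revision or from Phabricator; the function names `try_password_hash` and `bcrypt_self_check` and the sample password are hypothetical. It reports whether bcrypt hashing round-trips with the supported constant and whether the `crypt()` capability flag merely aliases it on the current runtime.

```php
<?php
// Added example; function names are hypothetical, not Phabricator code.

// Hash with the given algorithm id; return null if the runtime rejects it.
function try_password_hash($password, $algo) {
  try {
    // PHP 5.5 to 7.x: warning and a non-string result for an unknown algorithm.
    $hash = @password_hash($password, $algo);
  } catch (\Error $e) {
    // PHP 8+: an Error subclass is thrown instead.
    return null;
  }
  return is_string($hash) ? $hash : null;
}

// Report whether bcrypt hashing round-trips and whether the crypt() flag
// happens to alias the password_hash() algorithm id on this runtime.
function bcrypt_self_check($password) {
  $good = try_password_hash($password, PASSWORD_BCRYPT);
  $info = ($good === null)
    ? array('algoName' => 'unknown')
    : password_get_info($good);

  // CRYPT_BLOWFISH is a crypt() capability flag, not an algorithm id.
  $flag = defined('CRYPT_BLOWFISH') ? CRYPT_BLOWFISH : null;
  $bad = ($flag === null) ? null : try_password_hash($password, $flag);

  return array(
    'bcrypt_round_trip' => $good !== null
      && $info['algoName'] === 'bcrypt'
      && password_verify($password, $good)
      && !password_verify($password . 'x', $good),
    'constants_identical' => $flag === PASSWORD_BCRYPT,
    'flag_accepted_as_algo' => $bad !== null,
  );
}

// Constructed sample input, used only to exercise the round trip.
$report = bcrypt_self_check('constructed-sample-password');
foreach ($report as $name => $value) {
  echo $name, ': ', var_export($value, true), "\n";
}
// Fail a deploy check if the supported constant does not work.
exit($report['bcrypt_round_trip'] ? 0 : 1);
```

A runtime where `constants_identical` is true will mask the wrong constant in local testing, which is the situation the reviewer describes.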