PHP 5.5 specifies constant PASSWORD_BCRYPT should be used in password_hash()
instead of CRYPT_BLOWFISH. Using CRYPT_BLOWFISH is not supported in either PHP
or HHVM. This constant breaks Username / Password authentication.
Details
Details
- Reviewers
epriestley btrahan - Group Reviewers
Blessed Reviewers - Commits
- Restricted Diffusion Commit
rPba956711a56b: Change password_hash() algorithm from CRYPT_BLOWFISH to PASSWORD_BCRYPT.
Login using Username/Password with bcrypt hash. Before applying the patch,
No matter what password entered, it will always fail authentication. After this
patch, user should be able to login with bcrypt hash.
Diff Detail
Diff Detail
- Repository
- rP Phabricator
- Branch
- master
- Lint
Lint Skipped - Unit
Tests Skipped - Build Status
Buildable 3 Build 3: [Placeholder Plan] Wait for 30 Seconds
Event Timeline
Comment Actions
Thanks! On my system (Zend PHP 5.5.8 on OS X), these constants both have value 1, which is how I missed this originally.