HomePhabricator
Diffusion Phabricator ba956711a56b

Change password_hash() algorithm from CRYPT_BLOWFISH to PASSWORD_BCRYPT.
ba956711a56b
Actions

Description

Change password_hash() algorithm from CRYPT_BLOWFISH to PASSWORD_BCRYPT.

Summary:
PHP 5.5 specifies constant PASSWORD_BCRYPT should be used in password_hash()
instead of CRYPT_BLOWFISH. Using CRYPT_BLOWFISH is not supported in either PHP
or HHVM. This constant breaks Username / Password authentication.

Test Plan:
Login using Username/Password with bcrypt hash. Before applying the patch,
No matter what password entered, it will always fail authentication. After this
patch, user should be able to login with bcrypt hash.

Reviewers: btrahan, epriestley, Blessed Reviewers

Reviewed By: epriestley, Blessed Reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8808

Details

Provenance
wenyuAuthored on
epriestleyCommitted on Apr 18 2014, 8:38 PM
epriestleyPushed on Apr 18 2014, 8:38 PM
Reviewer
Blessed Reviewers
Differential Revision
D8808: Change password_hash() algorithm from CRYPT_BLOWFISH to PASSWORD_BCRYPT.
Parents
rP35df988036f7: Use standard UI elements to render pull requests in Releeph
Branches
Unknown
Tags
Unknown

Event Timeline

Changes (1)

PathSize
src/
infrastructure/
util/
password/

rPba956711a56b

View Options

src/infrastructure/util/password/PhabricatorBcryptPasswordHasher.php

Loading...
Phabricator ยท Built by Phacility