gnu-social

GNUsocial/gnu-social

Fork 1

Commit Graph

Author	SHA1	Message	Date
Alexei Sorokin	2861ae2823	[AuthCrypt] Password storage and comparison improvements Password hashes are now stored in a TEXT attribute, not limited to 199 symbols. That limitation makes no sense as password hashes are not the kind of information to be indexed. Actually replace crypt() with password_verify() for password checking, current code left password_verify() unused. Only update passwords when they use a different algorithm from the current default. Previously "overwrite" meant rehashing every login. Replace the "argon" boolean option with "algorithm" and "algorithm_options" for better configurability. The default remains whichever is default for PHP's password_hash.	2020-07-25 20:16:21 +03:00
Diogo Cordeiro	0b947ce2c7	[AuthCrypt] Update README and fix formatting	2020-07-25 17:42:46 +01:00

Author

SHA1

Message

Date

Alexei Sorokin

2861ae2823

[AuthCrypt] Password storage and comparison improvements

Password hashes are now stored in a TEXT attribute, not limited to 199 symbols.
That limitation makes no sense as password hashes are not the kind of
information to be indexed.

Actually replace crypt() with password_verify() for password checking, current
code left password_verify() unused.

Only update passwords when they use a different algorithm from the current
default. Previously "overwrite" meant rehashing every login.

Replace the "argon" boolean option with "algorithm" and "algorithm_options" for
better configurability.
The default remains whichever is default for PHP's password_hash.

2020-07-25 20:16:21 +03:00

Diogo Cordeiro

0b947ce2c7

[AuthCrypt] Update README and fix formatting

2020-07-25 17:42:46 +01:00

2 Commits