[Security\Core] Make SodiumPasswordEncoder validate BCrypt-ed passwords #31763

Merged
merged 1 commit into from
May 31, 2019

nicolas-grekas
Member

| Q             | A
| ------------- | ---
| Branch?       | 4.3
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #31758
| License       | MIT
| Doc PR        | -

Otherwise, the promise of the "auto" mode doesn't work.

@chalasr
Member

chalasr commented May 31, 2019

Thank you @nicolas-grekas.

@chalasr chalasr merged commit c0fc456 into symfony:4.3 May 31, 2019
chalasr pushed a commit that referenced this pull request May 31, 2019
…-ed passwords (nicolas-grekas)

This PR was merged into the 4.3 branch.

Discussion
----------

[Security\Core] Make SodiumPasswordEncoder validate BCrypt-ed passwords

| Q             | A
| ------------- | ---
| Branch?       | 4.3
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #31758
| License       | MIT
| Doc PR        | -

Otherwise, the promise of the "auto" mode doesn't work.

Commits
-------

c0fc456 [Security\Core] Make SodiumPasswordEncoder validate BCrypt-ed passwords
@nicolas-grekas nicolas-grekas deleted the sec-sodium-bcrypt branch May 31, 2019 10:02
@fabpot fabpot mentioned this pull request Jun 6, 2019
nicolas-grekas added a commit that referenced this pull request Dec 3, 2019
…David Brooks)

This PR was merged into the 4.4 branch.

Discussion
----------

[Security/Core] Fix checking for SHA256/SHA512 passwords

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License       | MIT
| Doc PR        | symfony/symfony-docs#... <!-- required for new features -->
<!--
The code to validate bcrypt passwords (#31763) needs to include SHA256 and SHA512-hashed passwords.  These are used on RedHat (and derived) systems.

Since SHA256/512 don't appear to have a limit of 72 characters, I simply created a new if() block.
-->

Commits
-------

799c85b [Security/Core] Fix checking for SHA256/SHA512 passwords
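
The checks discussed in this PR and in the follow-up commit 799c85b (bcrypt, then SHA256/SHA512 hashes), shown as an added example that is not Symfony's code and not part of the original thread: a verifier that dispatches on the stored hash's prefix. The function name `verifyAnyFormat()`, the 4096-byte cap and the sample hashes are assumptions constructed for illustration.

```php
<?php
// Added example, not Symfony's implementation.
// verifyAnyFormat() and MAX_PASSWORD_BYTES are hypothetical names.

const MAX_PASSWORD_BYTES = 4096; // assumed cap to bound hashing cost

function verifyAnyFormat(string $stored, string $plain): bool
{
    if ($plain === '' || strlen($plain) > MAX_PASSWORD_BYTES) {
        return false;
    }

    // Argon2 hashes: use libsodium when loaded, else PHP's password API.
    if (strpos($stored, '$argon2') === 0) {
        if (function_exists('sodium_crypto_pwhash_str_verify')) {
            return sodium_crypto_pwhash_str_verify($stored, $plain);
        }
        return password_verify($plain, $stored);
    }

    // bcrypt ($2a$, $2b$, $2y$) reads only the first 72 bytes of input, so
    // longer inputs sharing that prefix would all verify: reject them.
    if (strpos($stored, '$2') === 0) {
        return strlen($plain) <= 72 && password_verify($plain, $stored);
    }

    // SHA-256 ($5$) and SHA-512 ($6$) crypt(3) hashes have no 72-byte
    // limit; password_verify() hands these formats to crypt().
    if (strpos($stored, '$5$') === 0 || strpos($stored, '$6$') === 0) {
        return password_verify($plain, $stored);
    }

    return false; // unknown format: fail closed
}

// Constructed sample data: hashes are generated here, not taken from the page.
$samples = [
    'bcrypt' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 4]),
    'sha512' => crypt('correct horse', '$6$rounds=5000$constructedsalt$'),
];

foreach ($samples as $name => $hash) {
    printf("%s right=%s wrong=%s\n", $name,
        var_export(verifyAnyFormat($hash, 'correct horse'), true),
        var_export(verifyAnyFormat($hash, 'wrong horse'), true));
}
// A 73-byte input against the bcrypt hash is refused before any hashing.
var_dump(verifyAnyFormat($samples['bcrypt'], str_repeat('a', 73)));
```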