Skip to content

[Security/Core] Fix checking for SHA256/SHA512 passwords #34763

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 3, 2019
Merged

[Security/Core] Fix checking for SHA256/SHA512 passwords #34763

merged 1 commit into from
Dec 3, 2019
+23 −5

Conversation

dbrooksjr
Copy link

Q A
Branch? 4.4
Bug fix? yes
New feature? no
Deprecations? no
Tickets Fix #...
License MIT
Doc PR symfony/symfony-docs#...

nicolas-grekas
nicolas-grekas reviewed Dec 2, 2019
View reviewed changes
Copy link
Member

@nicolas-grekas nicolas-grekas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SodiumPasswordEncoder needs something similar.

nicolas-grekas
nicolas-grekas approved these changes Dec 3, 2019
View reviewed changes
Copy link
Member

@nicolas-grekas nicolas-grekas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As a bugfix on 4.4

@nicolas-grekas nicolas-grekas added this to the 4.4 milestone Dec 3, 2019
@nicolas-grekas nicolas-grekas changed the title Add support for validating SHA256/SHA512 passwords [Security/Core] Fix checking for SHA256/SHA512 passwords Dec 3, 2019
@nicolas-grekas nicolas-grekas changed the base branch from master to 4.4 December 3, 2019 08:50
@nicolas-grekas nicolas-grekas changed the base branch from 4.4 to master December 3, 2019 08:50
@nicolas-grekas nicolas-grekas force-pushed the address-sha256-sha512-passwords branch from 4258b5e to b8ce30f Compare December 3, 2019 14:55
@nicolas-grekas nicolas-grekas changed the base branch from master to 4.4 December 3, 2019 14:56
@nicolas-grekas nicolas-grekas force-pushed the address-sha256-sha512-passwords branch from b8ce30f to 5acf549 Compare December 3, 2019 14:56
@nicolas-grekas nicolas-grekas force-pushed the address-sha256-sha512-passwords branch from 5acf549 to 799c85b Compare December 3, 2019 14:57
@nicolas-grekas
Copy link
Member

Thank you @dbrooksjr.

nicolas-grekas added a commit that referenced this pull request Dec 3, 2019
@nicolas-grekas
bug #34763 [Security/Core] Fix checking for SHA256/SHA512 passwords (…
0a9a6ba 
…David Brooks)

This PR was merged into the 4.4 branch.

Discussion
----------

[Security/Core] Fix checking for SHA256/SHA512 passwords

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License       | MIT
| Doc PR        | symfony/symfony-docs#... <!-- required for new features -->
<!--
The code to validate bcrypt passwords (#31763) needs to include SHA256 and SHA512-hashed passwords.  These are used on RedHat (and derived) systems.

Since SHA256/512 don't appear to have a limit of 72 characters, I simply created a new if() block.
-->

Commits
-------

799c85b [Security/Core] Fix checking for SHA256/SHA512 passwords
@nicolas-grekas nicolas-grekas merged commit 799c85b into symfony:4.4 Dec 3, 2019
@dbrooksjr dbrooksjr deleted the address-sha256-sha512-passwords branch December 3, 2019 15:01
This was referenced Dec 19, 2019
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stof stof stof requested changes

@nicolas-grekas nicolas-grekas nicolas-grekas approved these changes

Assignees
No one assigned
Labels
Bug Status: Reviewed
Projects
None yet
Milestone
4.4
Development

Successfully merging this pull request may close these issues.
4 participants
@dbrooksjr @nicolas-grekas @stof @carsonbot