Skip to content

[Security] Outsource all the BCrypt heavy lifting to a library #7853

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 25, 2013
Merged

[Security] Outsource all the BCrypt heavy lifting to a library #7853

merged 2 commits into from
Apr 25, 2013

Conversation

fabpot
Copy link
Member

@fabpot fabpot commented Apr 25, 2013

Q A
Bug fix? no
New feature? no
BC breaks? yes
Deprecations? no
Tests pass? yes
License MIT

The BCrypt bundle is already using the library.

This is a working implementation of #7247

@fabpot fabpot mentioned this pull request Apr 25, 2013
Closed
fabpot added a commit that referenced this pull request Apr 25, 2013
@fabpot
merged branch fabpot/bcrypt (PR #7853)
ccc52a4 
This PR was merged into the master branch.

Discussion
----------

[Security] Outsource all the BCrypt heavy lifting to a library

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | yes
| Deprecations? | no
| Tests pass?   | yes
| License       | MIT

The [BCrypt bundle](https://github.com/elnur/ElnurBlowfishPasswordEncoderBundle) is already using the library.

This is a working implementation of #7247

Commits
-------

c83546d [Security] tweaked previous commit
b2e553a Outsource all the BCrypt heavy lifting to a library
@fabpot fabpot closed this Apr 25, 2013
@fabpot fabpot merged commit c83546d into symfony:master Apr 25, 2013
@sstok
Copy link
Contributor

sstok commented Apr 26, 2013

Shouldn't you mention in the changelog that the password-compat library must be installed when using bcrypt and
not using php 5.5?

@fabpot
Copy link
Member Author

fabpot commented Apr 26, 2013

@sstok: done

fabpot added a commit that referenced this pull request Apr 26, 2013
@fabpot
[Security] added more info about the BCrypt change (refs #7853)
d59ffc9
fabpot added a commit that referenced this pull request Apr 26, 2013
@fabpot
[Security] added an exception when the BCrypt encoder cannot be used …
aae9afb 
…(refs #7853)
@fabpot
Copy link
Member Author

fabpot commented Apr 26, 2013

I've also added an exception when the BCrypt encoder cannot be used.

@masterkaos masterkaos mentioned this pull request Jun 5, 2013
Merged
@fabpot fabpot deleted the bcrypt branch April 27, 2014 09:24
@fabpot fabpot mentioned this pull request Sep 23, 2015
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fabpot @sstok @elnur