Skip to content

Update configuration for argon2i encoder #9300

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 1, 2018
Merged

Update configuration for argon2i encoder #9300

merged 1 commit into from
Mar 1, 2018

Conversation

CoalaJoe
Copy link
Contributor

@CoalaJoe CoalaJoe mentioned this pull request Feb 20, 2018
Merged
@javiereguiluz javiereguiluz added the Waiting Code Merge Docs for features pending to be merged label Feb 20, 2018
symfony-splitter pushed a commit to symfony/security-core that referenced this pull request Feb 20, 2018
@fabpot
feature #26175 [Security] Add configuration for Argon2i encryption (C…
efaf1d6 
…oalaJoe)

This PR was merged into the 4.1-dev branch.

Discussion
----------

[Security] Add configuration for Argon2i encryption

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #26174
| License       | MIT
| Doc PR        | [#9300](symfony/symfony-docs#9300)

Feedback?

Current situation: Configuration only applies if argon2i is natively supported.

Commits
-------

1300fece5f [Security] Add configuration for Argon2i encryption
symfony-splitter pushed a commit to symfony/security that referenced this pull request Feb 20, 2018
@fabpot
feature #26175 [Security] Add configuration for Argon2i encryption (C…
88ef56a 
…oalaJoe)

This PR was merged into the 4.1-dev branch.

Discussion
----------

[Security] Add configuration for Argon2i encryption

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #26174
| License       | MIT
| Doc PR        | [#9300](symfony/symfony-docs#9300)

Feedback?

Current situation: Configuration only applies if argon2i is natively supported.

Commits
-------

1300fece5f [Security] Add configuration for Argon2i encryption
symfony-splitter pushed a commit to symfony/security-bundle that referenced this pull request Feb 20, 2018
@fabpot
feature #26175 [Security] Add configuration for Argon2i encryption (C…
d58e1e9 
…oalaJoe)

This PR was merged into the 4.1-dev branch.

Discussion
----------

[Security] Add configuration for Argon2i encryption

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #26174
| License       | MIT
| Doc PR        | [#9300](symfony/symfony-docs#9300)

Feedback?

Current situation: Configuration only applies if argon2i is natively supported.

Commits
-------

1300fece5f [Security] Add configuration for Argon2i encryption
fabpot added a commit to symfony/symfony that referenced this pull request Feb 20, 2018
@fabpot
feature #26175 [Security] Add configuration for Argon2i encryption (C…
2711d14 
…oalaJoe)

This PR was merged into the 4.1-dev branch.

Discussion
----------

[Security] Add configuration for Argon2i encryption

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #26174
| License       | MIT
| Doc PR        | [#9300](symfony/symfony-docs#9300)

Feedback?

Current situation: Configuration only applies if argon2i is natively supported.

Commits
-------

1300fec [Security] Add configuration for Argon2i encryption
@javiereguiluz
Copy link
Member

@CoalaJoe thanks for updating the docs (and thanks for implementing the feature too!). I have a question about the time_cost parameter:

  1. In the RFC it says: "The time cost represents the number of times the hash algorithm will be run" (https://wiki.php.net/rfc/argon2_password_hash)

  2. In the PHP manual it says: "Maximum amount of time it may take to compute the Argon2 hash" (http://php.net/manual/en/function.password-hash.php)

So, is it the number of seconds or the number of iterations?

@CoalaJoe
Copy link
Contributor Author

@javiereguiluz Thank you, it was fun to give symfony something back after using it so long. :)

Excellent question!

I had to dig into the source code to find clarification.
As statet a couple time, like here: https://github.com/P-H-C/phc-winner-argon2/blob/54ff100b0717505493439ec9d4ca85cb9cbdef00/src/run.c#L85

So I feel confident telling you that it is the amount of iterations.

@javiereguiluz javiereguiluz removed the Waiting Code Merge Docs for features pending to be merged label Feb 27, 2018
@javiereguiluz
Copy link
Member

Nice digging in the source code! Now it's clear the intention of that parameter (the name could be less confusing to be honest ... but that's what PHP uses, so we can't change it).

@javiereguiluz
Copy link
Member

And it's merged! Thanks and congrats on your first Symfony Docs contribution.

@javiereguiluz javiereguiluz merged commit a3e9bf2 into symfony:master Mar 1, 2018
javiereguiluz added a commit that referenced this pull request Mar 1, 2018
@javiereguiluz
minor #9300 Update configuration for argon2i encoder (CoalaJoe)
a71085e 
This PR was merged into the master branch.

Discussion
----------

Update configuration for argon2i encoder

From: symfony/symfony#26175

Commits
-------

a3e9bf2 Update configuration for argon2i encoder
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Status: Reviewed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@CoalaJoe @javiereguiluz @carsonbot