Skip to content

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
    • Help
    • Support
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
G
gnu-social
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
    • Cycle Analytics
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Charts
  • Issues 194
    • Issues 194
    • List
    • Boards
    • Labels
    • Milestones
  • Merge Requests 12
    • Merge Requests 12
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
    • Charts
  • Wiki
    • Wiki
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Charts
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • gnu.io
  • gnu-social
  • Merge Requests
  • !158

The source project of this merge request has been removed.
Closed
Opened Mar 12, 2018 by dansup@dansup1
  • Report abuse
Report abuse

Update AuthCryptPlugin with backwards compatible bcrypt and argon2i password hashing support, fix timing attacks

This adds support for modern password hashing algorithms, and fixes timing attacks for old password verification.

For older versions of PHP that do not support password_hash() or password_verify(), the existing method will be used as a fallback. Passwords will be automatically updated to the newest default algorithm (PASSWORD_BCRYPT) if supported by that PHP version.

Edited Mar 12, 2018 by dansup
  • Discussion 9
  • Changes 1
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
0
Labels
None
Assign labels
  • View project labels
Reference: gnu/gnu-social!158

git.gnu.io is graciously hosted by the Free Software Foundation. https://donate.fsf.org