Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

[Security\Core] Make SodiumPasswordEncoder validate BCrypt-ed passwords #31763

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chalasr merged 1 commit into from
May 31, 2019
Merged

[Security\Core] Make SodiumPasswordEncoder validate BCrypt-ed passwords #31763

chalasr merged 1 commit into from
May 31, 2019

Conversation

@nicolas-grekas
Copy link
Member

@nicolas-grekas nicolas-grekas commented May 31, 2019

Q A
Branch? 4.3
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets #31758
License MIT
Doc PR -

Otherwise, the promise of the "auto" mode doesn't work.

@nicolas-grekas nicolas-grekas added this to the 4.3 milestone May 31, 2019
@chalasr
Copy link
Member

chalasr commented May 31, 2019

Thank you @nicolas-grekas.

@chalasr chalasr merged commit c0fc456 into symfony:4.3 May 31, 2019
chalasr pushed a commit that referenced this pull request May 31, 2019
bug #31763 [Security\Core] Make SodiumPasswordEncoder validate BCrypt…
1318d3b 
…-ed passwords (nicolas-grekas)

This PR was merged into the 4.3 branch.

Discussion
----------

[Security\Core] Make SodiumPasswordEncoder validate BCrypt-ed passwords

| Q             | A
| ------------- | ---
| Branch?       | 4.3
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #31758
| License       | MIT
| Doc PR        | -

Otherwise, the promise of the "auto" mode doesn't work.

Commits
-------

c0fc456 [Security\Core] Make SodiumPasswordEncoder validate BCrypt-ed passwords
@nicolas-grekas nicolas-grekas deleted the sec-sodium-bcrypt branch May 31, 2019 10:02
@yceruto yceruto mentioned this pull request May 31, 2019
Closed
@fabpot fabpot mentioned this pull request Jun 6, 2019
Merged
nicolas-grekas added a commit that referenced this pull request Dec 3, 2019
@nicolas-grekas
bug #34763 [Security/Core] Fix checking for SHA256/SHA512 passwords (…
0a9a6ba 
…David Brooks)

This PR was merged into the 4.4 branch.

Discussion
----------

[Security/Core] Fix checking for SHA256/SHA512 passwords

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Tickets       | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License       | MIT
| Doc PR        | symfony/symfony-docs#... <!-- required for new features -->
<!--
The code to validate bcrypt passwords (#31763) needs to include SHA256 and SHA512-hashed passwords.  These are used on RedHat (and derived) systems.

Since SHA256/512 don't appear to have a limit of 72 characters, I simply created a new if() block.
-->

Commits
-------

799c85b [Security/Core] Fix checking for SHA256/SHA512 passwords
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chalasr chalasr chalasr approved these changes

Assignees

No one assigned

Labels

Bug Security Status: Reviewed

Projects

None yet

Milestone

4.3

Development

Successfully merging this pull request may close these issues.

3 participants

@nicolas-grekas @chalasr @carsonbot
Morty Proxy This is a proxified and sanitized view of the page, visit original site.