From 2d261bd4c26e9413faf440e52f7ce8fc00164af7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Schl=C3=A4pfer?= Date: Wed, 9 Jun 2021 20:28:39 +0200 Subject: [PATCH] [PasswordHasher] use sodium as "best" hasher if available with algorithm "auto" --- .../Component/PasswordHasher/Hasher/PasswordHasherFactory.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Component/PasswordHasher/Hasher/PasswordHasherFactory.php b/src/Symfony/Component/PasswordHasher/Hasher/PasswordHasherFactory.php index a2f24224744aa..6d3778fe47adb 100644 --- a/src/Symfony/Component/PasswordHasher/Hasher/PasswordHasherFactory.php +++ b/src/Symfony/Component/PasswordHasher/Hasher/PasswordHasherFactory.php @@ -116,7 +116,7 @@ private function getHasherConfigFromAlgorithm(array $config): array if ('auto' === $config['algorithm']) { // "plaintext" is not listed as any leaked hashes could then be used to authenticate directly if (SodiumPasswordHasher::isSupported()) { - $algorithms = ['native', 'sodium', 'pbkdf2']; + $algorithms = ['sodium', 'native', 'pbkdf2']; } else { $algorithms = ['native', 'pbkdf2']; }