mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-01-18 06:38:43 +01:00
Code Issues Releases Wiki Activity

[ticket/16342] Increase default hashing costs for Argon2 passwords

Browse Source 
PHPBB3-16342
This commit is contained in:
JoshyPHP 2020-01-28 01:41:54 +01:00
parent d2a344af5d
commit 2dbcad7840
3 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
phpBB/config/default/container/services_password.yml
View File

@ -1,7 +1,7 @@
parameters:
passwords.driver.argon2_memory_cost: 1024
passwords.driver.argon2_memory_cost: 65536
passwords.driver.argon2_threads: 2
passwords.driver.argon2_time_cost: 2
passwords.driver.argon2_time_cost: 4
passwords.driver.bcrypt_cost: 10
services:

6
phpBB/phpbb/passwords/driver/argon2i.php
View File

@ -33,7 +33,7 @@ class argon2i extends base_native
* @param int $threads Number of threads to use (optional)
* @param int $time_cost Maximum amount of time (optional)
*/
public function __construct(\phpbb\config\config $config, helper $helper, $memory_cost = 1024, $threads = 2, $time_cost = 2)
public function __construct(\phpbb\config\config $config, helper $helper, $memory_cost = 65536, $threads = 2, $time_cost = 4)
{
parent::__construct($config, $helper);
@ -42,8 +42,8 @@ class argon2i extends base_native
* See https://wiki.php.net/rfc/sodium.argon.hash and PHPBB3-16266
* Don't allow cost factors to be below default settings where possible
*/
$this->memory_cost = max($memory_cost, defined('PASSWORD_ARGON2_DEFAULT_MEMORY_COST') ? PASSWORD_ARGON2_DEFAULT_MEMORY_COST : 1024);
$this->time_cost = max($time_cost, defined('PASSWORD_ARGON2_DEFAULT_TIME_COST') ? PASSWORD_ARGON2_DEFAULT_TIME_COST : 2);
$this->memory_cost = max($memory_cost, defined('PASSWORD_ARGON2_DEFAULT_MEMORY_COST') ? PASSWORD_ARGON2_DEFAULT_MEMORY_COST : 65536);
$this->time_cost = max($time_cost, defined('PASSWORD_ARGON2_DEFAULT_TIME_COST') ? PASSWORD_ARGON2_DEFAULT_TIME_COST : 4);
$this->threads = (defined('PASSWORD_ARGON2_PROVIDER') && PASSWORD_ARGON2_PROVIDER == 'sodium') ?
PASSWORD_ARGON2_DEFAULT_THREADS : max($threads, defined('PASSWORD_ARGON2_DEFAULT_THREADS') ? PASSWORD_ARGON2_DEFAULT_THREADS : 1);
}

4
tests/passwords/drivers_test.php
View File

@ -24,8 +24,8 @@ class phpbb_passwords_helper_test extends \phpbb_test_case
// Initialize argon2 default options
$this->argon2_default_cost_options = [
'memory_cost' => 1024,
'time_cost' => 2,
'memory_cost' => 65536,
'time_cost' => 4,
'threads' => 2
];