Feature #28230

Add support for PBKDF2 to hashing

Added by Stefan Neufeind almost 11 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Should have
Category:
-
Target version:
-
Start date:
2011-07-15
Due date:
% Done:

100%

Estimated time:
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

An implementation is already pending for FLOW3 (see #26786, https://review.typo3.org/#change,2332)
which is planned to replace MD5 (current default). It would be great to have this available for passwords (FE/BE) and stdWrap.hash (see #28095).

I'm not yet sure how it would fit within current sysext "saltedpasswords" though.


Related issues

Related to TYPO3 Flow Base Distribution - Feature #26786: Use a safe password hashing mechanismResolvedChristopher Hlubek2011-05-12

Actions
Related to TYPO3 Core - Feature #28095: Add hashing algorithms to stdWrapClosedFabrizio Branca2011-07-11

Actions
#1

Updated by Mathias Schreiber over 7 years ago

  • Status changed from New to Needs Feedback
  • Assignee set to Stefan Neufeind

Is this still valid?

#2

Updated by Stefan Neufeind over 7 years ago

  • Status changed from Needs Feedback to Accepted

still not available in TYPO3 CMS (saltedpasswords, TypoScript). The hash-stdWrap relys on the php-hash-functions and even on a recent PHP a call to hash_algos() doesn't seem to support PBKDF2.

#3

Updated by Marcus Krause over 7 years ago

I started with this feature in March 2013 - see https://twitter.com/t3sec/status/313413250693881858

Let's see if I can find this code somewhere here. :))

#4

Updated by Stefan Neufeind over 7 years ago

We should have an implemention in Flow as well already (see description).

#5

Updated by Gerrit Code Review almost 7 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/42342

#6

Updated by Morton Jonuschat almost 7 years ago

After looking into this adding it to stdWrap.hash seems counterintuitive. PBKDF2 is a key derivation function and not a typical hashing function. I'd reason that this is why PHP 5.5 offers a native implementation but it's not within hash_algos(). Due to this the patch I've submitted only takes care of EXT:saltedpasswords.

#7

Updated by Gerrit Code Review almost 7 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/42342

#8

Updated by Gerrit Code Review over 6 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/42342

#9

Updated by Gerrit Code Review over 6 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/42342

#10

Updated by Gerrit Code Review over 6 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/42342

#11

Updated by Gerrit Code Review over 6 years ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/42342

#12

Updated by Gerrit Code Review over 6 years ago

Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/42342

#13

Updated by Gerrit Code Review over 6 years ago

Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/42342

#14

Updated by Morton Jonuschat over 6 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#15

Updated by Benni Mack over 3 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF