Add support for PBKDF2 to hashing
An implementation is already pending for FLOW3 (see #26786, https://review.typo3.org/#change,2332)
which is planned to replace MD5 (current default). It would be great to have this available for passwords (FE/BE) and stdWrap.hash (see #28095).
I'm not yet sure how it would fit within current sysext "saltedpasswords" though.
Updated by Stefan Neufeind almost 9 years ago
- Status changed from Needs Feedback to Accepted
still not available in TYPO3 CMS (saltedpasswords, TypoScript). The hash-stdWrap relys on the php-hash-functions and even on a recent PHP a call to hash_algos() doesn't seem to support PBKDF2.
Updated by Marcus Krause almost 9 years ago
I started with this feature in March 2013 - see https://twitter.com/t3sec/status/313413250693881858
Let's see if I can find this code somewhere here. :))
Updated by Morton Jonuschat over 8 years ago
After looking into this adding it to stdWrap.hash seems counterintuitive. PBKDF2 is a key derivation function and not a typical hashing function. I'd reason that this is why PHP 5.5 offers a native implementation but it's not within hash_algos(). Due to this the patch I've submitted only takes care of EXT:saltedpasswords.