Feature #31679

Support multiple password hashing strategies

Added by Christopher Hlubek about 9 years ago. Updated about 9 years ago.

Status:
Resolved
Priority:
Should have
Category:
Security
Start date:
2011-11-08
Due date:
% Done:

100%

Estimated time:
PHP Version:
Has patch:
No
Complexity:

Description

The security framework should support multiple password hashing strategies. An identifier could be used to differentiate between different implementations. The hashed passwords should be self-descriptive, such that they contain an identifier for the password hashing strategy to use for validating the hashed password.

This allows an easy transition from PBKDF2 to BCrypt or other hashing strategies in the future. It also allows for the usage of different security levels in one application .


Related issues

Related to TYPO3.Flow - Bug #32991: Wrong default password hashing strategyResolvedKarsten Dambekalns2012-01-05

Actions
#1

Updated by Mr. Hudson about 9 years ago

  • Status changed from New to Under Review

Patch set 1 of change I6a8689d3dc38b7c9a7b20407a87f1688a1b3af20 has been pushed to the review server.
It is available at http://review.typo3.org/6598

#2

Updated by Mr. Hudson about 9 years ago

Patch set 2 of change I6a8689d3dc38b7c9a7b20407a87f1688a1b3af20 has been pushed to the review server.
It is available at http://review.typo3.org/6598

#3

Updated by Gerrit Code Review about 9 years ago

Patch set 3 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6598

#4

Updated by Gerrit Code Review about 9 years ago

Patch set 4 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6598

#5

Updated by Christopher Hlubek about 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#6

Updated by Karsten Dambekalns about 9 years ago

  • Target version changed from 1.1 to 1.1 beta 1

Also available in: Atom PDF