Bug #90612
closed
Upgrading from 8 to 9 choosing Argon2i throws error
100%
Description
Upgrading from 8 to 9 choosing Argon2i - Running on PHP 7.4.3 - gives me this on be login:
PHP Warning: password_needs_rehash(): A thread value other than 1 is not supported by this implementation in /var/www/typo3_source/typo3_src-9.5.14/typo3/sysext/core/Classes/Crypto/PasswordHashing/Argon2iPasswordHash.php line 144
The property is defined as:
protected $options = [
'memory_cost' => 65536,
'time_cost' => 16,
'threads' => 2
];
Setting: $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordHashing']['options']['threads'] = 1; solves the issue, but I have a hard time understanding why 'threads' => 2 in the core?
Files
Updated by Christian Eßl about 4 years ago
TYPO3 is using libargon and should be testing for the presence of this library in the Install Tool by checking if the constant PASSWORD_ARGON2I is set. Does the Install Tool tell you that ARGON2I is supported? Because it looks like your PHP is missing the library.
The error you reported comes from libsodium, which has a different argon2i implementation that is locked to only 1 supported thread. Right now, TYPO3 does not support argon2i via libsodium and AFAIK it shouldn't be possible to select it from the Install Tool. (Although it still is possible to set up the website on a different system with libargon and then deploying it to a webserver without the support.)
The support of argon2 via libsodium in PHP is younger than the libargon one. (And that's probably why it is missing for TYPO3) Maybe it can be thought about supporting both implementations in TYPO3?
Updated by Claus Harup about 4 years ago
You are correct - my PHP settings:
sodium support enabled
libsodium headers version 1.0.18
libsodium library version 1.0.18
The InstallTool lets me choose Argon2i - see attached image
Updated by Gerrit Code Review about 4 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63605
Updated by Gerrit Code Review about 4 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63605
Updated by Gerrit Code Review about 4 years ago
Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63852
Updated by Gerrit Code Review about 4 years ago
Patch set 2 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63852
Updated by Susanne Moog about 4 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset fe2e5cff44aa11cfb22f16748381c3263722411f.
Updated by 