Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Minor
Fix Version/s: 2.9.4, 3.0.1
Affects Version/s: 2.9.3, 3.0
Component/s: General
Labels:
- ci

Affected Branches:
MOODLE_29_STABLE, MOODLE_30_STABLE
Fixed Branches:
MOODLE_29_STABLE, MOODLE_30_STABLE
Epic Link:
Prepare Moodle for PHP7
Pull from Repository:
git://github.com/marinaglancy/moodle.git
Pull Main Branch:
~~MDL-52283~~-master
Pull Main Diff URL:
https://github.com/marinaglancy/moodle/compare/c18acb8...MDL-52283-master
Testing Instructions:

Hide

run unittests in auth/db/tests/db_test.php and lib/password_compat/tests/PasswordHashTest.php

Show
run unittests in auth/db/tests/db_test.php and lib/password_compat/tests/PasswordHashTest.php

Description

See https://github.com/tpunt/PHP7-Reference#deprecation-of-salt-option-for-password_hash

With the introduction of the new password hashing API in PHP 5.5, many began implementing it and generating their own salts. Unfortunately, many of these salts were generated from cryptographically insecure functions like mt_rand(), making the salt far weaker than what would have been generated by default. (Yes, a salt is always used when hashing passwords with this new API!) The option to generate salts have therefore been deprecated to prevent developers from creating insecure salts.

Attachments

Activity

People

Assignee:: Tony Levi

Reporter:: Marina Glancy

Peer reviewer:: Marina Glancy

Integrator:: Dan Poltawski

Tester:: Adrian Greeve

Participants:: Adrian Greeve, CiBoT, Dan Poltawski, Eloy Lafuente (stronk7), Marina Glancy, Tony Levi

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 24/Nov/15 11:10 PM

Updated:: 04/Dec/15 2:49 PM

Resolved:: 04/Dec/15 2:49 PM

Fix Release Date:: 21/Dec/15