Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-52283

Deprecation of Salt Option for password_hash() in PHP7


    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • 2.9.4, 3.0.1
    • 2.9.3, 3.0
    • General

      See https://github.com/tpunt/PHP7-Reference#deprecation-of-salt-option-for-password_hash

      With the introduction of the new password hashing API in PHP 5.5, many began implementing it and generating their own salts. Unfortunately, many of these salts were generated from cryptographically insecure functions like mt_rand(), making the salt far weaker than what would have been generated by default. (Yes, a salt is always used when hashing passwords with this new API!) The option to generate salts have therefore been deprecated to prevent developers from creating insecure salts.

            tlevi Tony Levi
            marina Marina Glancy
            Marina Glancy Marina Glancy
            Dan Poltawski Dan Poltawski
            Adrian Greeve Adrian Greeve
            0 Vote for this issue
            3 Start watching this issue


                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.