diff options
author | Lukas Winkler <git@lw1.at> | 2021-03-15 00:49:33 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-03-15 00:49:33 +0300 |
commit | 226f8dc19e613d63022ba112040afb578c814a7f (patch) | |
tree | 597b58dff6b51a4077f04bf8d3b0933cb11cc1ec /config | |
parent | ea45527a91d52afe9fb2dd095c5418fac3cce9ed (diff) |
Allow selecting password_hash algorithm (#17199)
* proof of concept for selecting password_hash algorithm
* better code stlye
* update expected screenshot
* Add entry to changelog for new INI config options.
Co-authored-by: diosmosis <diosmosis@users.noreply.github.com>
Diffstat (limited to 'config')
-rwxr-xr-x | config/global.ini.php | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/config/global.ini.php b/config/global.ini.php index 68c712aa86..5a6e4fbbef 100755 --- a/config/global.ini.php +++ b/config/global.ini.php @@ -394,6 +394,25 @@ disable_checks_usernames_attributes = 0 ; For legacy data, fallback or non-security scenarios, we use md5. hash_algorithm = whirlpool +; set the algorithm used by password_hash() +; "default" for the algorithm used by the PHP version or one of ["bcrypt", "argon2i", "argon2id"] +; "argon2id" requires at least PHP 7.3.0 +; for all argon2 algorithms, additional parameters can be changed below +; any changes are applied to the stored hash on the next login of a user +; see https://www.php.net/manual/en/function.password-hash.php and https://wiki.php.net/rfc/argon2_password_hash +; for more information +password_hash_algorithm = default + +; The number of CPU threads used for calculating the hash +password_hash_argon2_threads = default + +; The amount of memory (in KB) used for calculating the hash +; a minimum of 8 times the number of threads +password_hash_argon2_memory_cost = default + +; The number of iterations for calculating the hash +password_hash_argon2_time_cost = default + ; If set to 1, Matomo will automatically redirect all http:// requests to https:// ; If SSL / https is not correctly configured on the server, this will break Matomo ; If you set this to 1, and your SSL configuration breaks later on, you can always edit this back to 0 |