author | Aleksander Machniak <alec@alec.pl> | 2021-11-06 12:15:22 +0300 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2021-11-06 12:15:22 +0300 |
commit | 6cfca8dc9f5a1979d60e05770c5453605beeb3d3 (patch) | |
tree | de00a222fb015db1ea51f8992f942798f646baf9 /plugins | |
parent | e294b93d36fb71e9176581508d03a9f2c481c983 (diff) |
Fix crypted password prefixes, use stronger blowfish algorithm
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/password/password.php | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/plugins/password/password.php b/plugins/password/password.php
index 7f18aa826..9a75d7639 100644
--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@@ -552,7 +552,7 @@ class password extends rcube_plugin
 case 'md5crypt': // for BC
 case 'md5-crypt':
 $crypted = crypt($password, '$1$' . rcube_utils::random_bytes(9));
- $prefix = '{CRYPT}';
+ $prefix = '{MD5-CRYPT}';
 break;
 case 'sha256-crypt':
@@ -564,7 +564,7 @@ class password extends rcube_plugin
 }
 $crypted = crypt($password, $prefix . rcube_utils::random_bytes(16));
- $prefix = '{CRYPT}';
+ $prefix = '{SHA256-CRYPT}';
 break;
 case 'sha512-crypt':
@@ -576,17 +576,17 @@ class password extends rcube_plugin
 }
 $crypted = crypt($password, $prefix . rcube_utils::random_bytes(16));
- $prefix = '{CRYPT}';
+ $prefix = '{SHA512-CRYPT}';
 break;
 case 'blowfish': // for BC
 case 'blowfish-crypt':
 $cost = (int) ($options['cost'] ?? $rcmail->config->get('password_blowfish_cost'));
 $cost = $cost < 4 || $cost > 31 ? 12 : $cost;
- $prefix = sprintf('$2a$%02d$', $cost);
+ $prefix = sprintf('$2y$%02d$', $cost);
 $crypted = crypt($password, $prefix . rcube_utils::random_bytes(22));
- $prefix = '{CRYPT}';
+ $prefix = '{BLF-CRYPT}';
 break;
 case 'md5':
@@ -745,18 +745,17 @@ class password extends rcube_plugin
 case 'hash-bcrypt':
 $crypted = password_hash($password, PASSWORD_BCRYPT, $options);
+ $prefix = '{BLF-CRYPT}';
 break;
 case 'hash-argon2i':
 $crypted = password_hash($password, PASSWORD_ARGON2I, $options);
+ $prefix = '{ARGON2I}';
 break;
 case 'hash-argon2id':
 $crypted = password_hash($password, PASSWORD_ARGON2ID, $options);
- break;
-
- case 'hash-default':
- $crypted = password_hash($password, PASSWORD_DEFAULT, $options);
+ $prefix = '{ARGON2ID}';
 break;
 case 'clear': |
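Review bot: The stored scheme label in the `md5-crypt` case changes from `{CRYPT}` to `{MD5-CRYPT}` (and to `{SHA256-CRYPT}`, `{SHA512-CRYPT}` and `{BLF-CRYPT}` in the next two hunks) with no comment or upgrade note saying which password verifiers accept the specific labels. A backend that only recognises the generic `{CRYPT}` scheme would reject every value written after this change, so users could be locked out at their next password change; whether any of the plugin's drivers is affected depends on code outside these hunks. I would add a comment above the case, e.g. `// Scheme-specific label: backends that only understand {CRYPT} need the prefix disabled or mapped in the driver`, and mention the change in the upgrade notes. The switch statement starts and ends outside the hunk.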
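Review bot: The result of `crypt()` in the `blowfish-crypt` case is labelled `{BLF-CRYPT}` without any visible check that hashing succeeded. `crypt()` reports failure with a string shorter than 13 characters (`*0` or `*1`) rather than `false`, so a null/false test later in the function would not catch it, and a bcrypt salt must be 22 characters from `./0-9A-Za-z`, which depends on what `rcube_utils::random_bytes(22)` returns (not shown here). A guard directly after the call, `if (!is_string($crypted) || strlen($crypted) < 13)`, routed to the function's existing failure path, would keep a failure marker from being stored as a password. The `crypt()` calls in the two hunks above have the same shape. The function continues outside the hunk, so an equivalent check may already exist there.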
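Review bot: Removing `case 'hash-default'` means an installation whose configuration still names `hash-default` now reaches whatever the switch does for unknown methods, which is outside this hunk. If that path fails, password changes stop working after the upgrade with no hint in the code as to why. Either keep the case and derive the label from the produced hash, for example from `password_get_info($crypted)['algoName']`, or document the removal in the upgrade notes and the plugin's config template. The surrounding switch and its default branch are not visible here.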