Comments (14)
In my case it turned out I was using different PHP binaries for installation and run time (phpenv can cause funny problems sometimes), so it's no longer an issue for me.
from psl.
Thanks for all comments I have an idea:
In base of this post Link
This algorithm is only available if PHP has been compiled with Argon2 support. - password_hash
If you want to use it whenever it is available, I would recommend to check with defined or else fallback to a default algorithm.
if(defined('PASSWORD_ARGON2ID')) {
$hash = password_hash('password123', PASSWORD_ARGON2ID, array('time_cost' => 10, 'memory_cost' => '2048k', 'threads' => 6));
} else {
$hash = password_hash('password123', PASSWORD_DEFAULT, array('time_cost' => 10, 'memory_cost' => '2048k', 'threads' => 6));
}
so if change the PASSWORD_ARGON2ID
to PASSWORD_DEFAULT
in the file:
azjezz/psl/src/Psl/Password/constants.php
all the process for the new version pass the all the test in the code?
it's only an idea :D
from psl.
Hm, i thought ext-sodium ( which is required by this library ) + php >= 7.4 would mean argon is enabled by default ( https://wiki.php.net/rfc/sodium.argon.hash ) 🤔
what method did you use to install PHP? are you building it yourself?
from psl.
it doesn't come with sodium, no.
php needs to be compiled with --with-password-argon2
which i'm doing with https://phpbrew.github.io/phpbrew/
from psl.
i've recompiled anyway, so feel free to close.
but it may be nice to handle this failure a bit more nicely than a fatal
from psl.
This definitely needs to be handled in a nicer way, i will leave it open until i figure out how to do so.
However, the official PHP build should contain support for argon2 if it contains sodium extension, so this is probably an issue that only people compiling their own PHP binaries will face.
from psl.
This is hitting me on CI and re/building PHP is not something I would want to do unless I really need argon2.
from psl.
i will try finding a fix later this week, as for now, PRs are welcome :)
from psl.
However, the official PHP build should contain support for argon2
Is that a thing though? I thought PHP project did not provide any builds whatsoever apart from their Windows builds. And distro builds can vary a lot.
from psl.
thought PHP project did not provide any builds whatsoever apart from their Windows builds.
no, you can find tarballs here: https://www.php.net/downloads
tho, i personally build my own binaries but with all almost all options enabled.
from psl.
no, you can find tarballs
Tarballs are not builds, so that actually a 'yes' 😉
from psl.
ah, yea.
but i still can't figure out how people compile PHP with ext-sodium ( which is required in composer.json ), but without argon2, since PHP 7.4, ext-sodium provides a fallback mechanism for argon2 when PHP is compiled without libargon ( RFC: https://wiki.php.net/rfc/sodium.argon.hash )
from psl.
okay, it seems PHP does this only with libsodium newer than 9.6 ( https://github.com/php/php-src/pull/4012/files#diff-3fe4027560fd299248af1dc1efe04287cc2b6418e8f01755c05c9db64b668b1eR646-R650 ), so now i'm wonder if require ext-sodium ^9.2 is really a good solution here...
from psl.
This issue has been fixed in 2.0.0, fixing it in 1.9 will result in BC breaks, so there's nothing can be done.
from psl.
Related Issues (20)
- [Type] add `nonnull` type
- [Type] add `string_range` and `int_range` types.
- Undeprecate `positive_int` HOT 2
- base64 url safe encoding HOT 1
- Return value of `Psl\Str\trim()` must be of the type string, null returned HOT 6
- `CoercionException::withValue()` called but not throwed. Is this dead code? HOT 1
- Improve error messages for shape and vec -like types
- Improve Dict\merge HOT 1
- Make PSL PHPStan compliant
- Add an `option()` type to `Psl\Type` to coerce to a `Psl\Option\Option` HOT 3
- Split this package is multiple sub-packages HOT 2
- [Bug] Vec\range handles ints which don't roundtrip through floats wrong
- intersection + shapes unexpected behaviour (possible bug?) HOT 4
- Type\implements_interface HOT 3
- Corece an `array` out of an `stdClass`? HOT 3
- [RFC] Change `ResultInterface<T>` to `ResultInterface<T, E>` HOT 5
- chore: rename all enum cases to use PascalCase
- Improvement converted json type HOT 5
- Is nonnull helpful in any way? HOT 1
- PHPStan extension unable to report optional positive-int
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from psl.