php_info_print_table_start();
BASIC_MINFO_SUBMODULE(dl)
BASIC_MINFO_SUBMODULE(mail)
+ BASIC_MINFO_SUBMODULE(password)
php_info_print_table_end();
BASIC_MINFO_SUBMODULE(assert)
}
}
/* }}} */
+PHP_MINFO_FUNCTION(password) /* {{{ */
+{
+ php_info_print_table_row(2, "Default Password BCrypt Cost", INI_STR("password.bcrypt_cost"));
+}
+/* }}} */
static int php_password_salt_is_alphabet(const char *str, const int len)
{
zval_ptr_dtor(&ret);
RETURN_FALSE;
}
-
+
+ /* We're using this method instead of == in order to provide
+ * resistence towards timing attacks. This is a constant time
+ * equality check that will always check every byte of both
+ * values. */
for (i = 0; i < Z_STRLEN_P(ret); i++) {
status |= (Z_STRVAL_P(ret)[i] ^ Z_STRVAL_P(hash)[i]);
}
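Review bot: The new comment above the comparison loop spells "resistence" where "resistance" is meant; suggest `* resistance towards timing attacks. This is a constant time`. The constant-time property the comment promises also depends on the length check that precedes the loop (outside this hunk, ending at the `RETURN_FALSE` above) rejecting mismatched lengths before any byte is read, since the loop indexes `Z_STRVAL_P(hash)` up to `Z_STRLEN_P(ret)`; it would be worth stating that dependency in the comment, e.g. `* Both strings are known to have equal length at this point.` The enclosing function begins and ends outside the hunk.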
}
if (strcmp(algo, PHP_PASSWORD_BCRYPT) == 0) {
- int cost = PHP_PASSWORD_BCRYPT_DEFAULT_COST;
+ int cost = 0;
+ cost = (int) INI_INT("password.bcrypt_cost");
+
if (options && zend_symtable_find(options, "cost", 5, (void **) &option_buffer) == SUCCESS) {
convert_to_long_ex(option_buffer);
cost = Z_LVAL_PP(option_buffer);
zval_ptr_dtor(option_buffer);
- if (cost < 4 || cost > 31) {
- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid bcrypt cost parameter specified: %d", cost);
- RETURN_FALSE;
- }
}
+
+ if (cost < 4 || cost > 31) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid bcrypt cost parameter specified: %d", cost);
+ RETURN_FALSE;
+ }
+
required_salt_len = 22;
hash_format = emalloc(8);
sprintf(hash_format, "$2y$%02d$", cost);
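Review bot: The range check on `cost` runs after the value has been narrowed to `int`, both in the added `cost = (int) INI_INT("password.bcrypt_cost");` and in the existing `cost = Z_LVAL_PP(option_buffer);`, so an out-of-range `long` from ini_set or the options array is truncated before it is compared with 4..31 and the result of that truncation is implementation-defined. Keeping the value as `long` until it has been validated avoids this: `long cost = INI_INT("password.bcrypt_cost");` in place of the two added lines, and `sprintf(hash_format, "$2y$%02d$", (int) cost);` at the end, which also removes the redundant `int cost = 0;` followed by an immediate assignment. The 8-byte `hash_format` buffer is only large enough because the check guarantees two digits, so the check must stay ahead of the `sprintf` as it is here. The enclosing function begins and ends outside the hunk.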
PHP_FUNCTION(password_make_salt);
PHP_MINIT_FUNCTION(password);
+PHP_MINFO_FUNCTION(password);
#define PHP_PASSWORD_DEFAULT "2y"
#define PHP_PASSWORD_BCRYPT "2y"
-#define PHP_PASSWORD_BCRYPT_DEFAULT_COST 12;
-
-
#endif
STD_PHP_INI_ENTRY("error_append_string", NULL, PHP_INI_ALL, OnUpdateString, error_append_string, php_core_globals, core_globals)
STD_PHP_INI_ENTRY("error_prepend_string", NULL, PHP_INI_ALL, OnUpdateString, error_prepend_string, php_core_globals, core_globals)
+ PHP_INI_ENTRY("password.bcrypt_cost", "11", PHP_INI_ALL, NULL)
+
PHP_INI_ENTRY("SMTP", "localhost",PHP_INI_ALL, NULL)
PHP_INI_ENTRY("smtp_port", "25", PHP_INI_ALL, NULL)
STD_PHP_INI_BOOLEAN("mail.add_x_header", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, mail_x_header, php_core_globals, core_globals)
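Review bot: The added `password.bcrypt_cost` entry passes `NULL` as the on_modify handler, so any string is accepted at ini_set()/php.ini load time and a bad value is only reported later, as a warning from password_hash(). A small OnModify handler that parses the value and rejects anything outside 4..31 would surface misconfiguration at the point it is made rather than at the first hash call; that is a separate function of a few lines, so I have not quoted it here. Separately, the removed `PHP_PASSWORD_BCRYPT_DEFAULT_COST` was 12 while the new default string is `"11"`; if that lowering of the default work factor is intentional it is worth a sentence in the commit description.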
; http://php.net/browscap
;browscap = extra/browscap.ini
+[password]
+; The default cost of a bcrypt hash created using password_hash()
+; Note that this is only the default, and can be overriden by the
+; options argument to password_hash(). Additionally, it only affects
+; newly created hashes. A higher value will make the generated
+; hash more resistent to brute forcing, but will also use more CPU
+; Default: 11
+; password.bcrypt_cost = 11
+
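Review bot: The commentary added to the `[password]` section has two spelling errors, "overriden" and "resistent", which should read `; Note that this is only the default, and can be overridden by the` and `; hash more resistant to brute forcing, but will also use more CPU`. The same block is repeated verbatim in the second php.ini section below (the one starting at `[password]` after the second browscap comment), so both copies need the fix. The neighbouring entries carry a `; http://php.net/...` reference line; if a documentation URL exists for this setting it would be consistent to add one here too.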
[Session]
; Handler used to store/retrieve data.
; http://php.net/session.save-handler
; http://php.net/browscap
;browscap = extra/browscap.ini
+[password]
+; The default cost of a bcrypt hash created using password_hash()
+; Note that this is only the default, and can be overriden by the
+; options argument to password_hash(). Additionally, it only affects
+; newly created hashes. A higher value will make the generated
+; hash more resistent to brute forcing, but will also use more CPU
+; Default: 11
+; password.bcrypt_cost = 11
+
[Session]
; Handler used to store/retrieve data.
; http://php.net/session.save-handler