8 changes: 8 additions & 0 deletions README.md
@@ -13,6 +13,14 @@ This is Openwall's [Phpass](http://openwall.com/phpass/), based on the 0.3 relea

The changes are minimal and only stylistic. The source code is in the public domain. We claim no ownership, but needed it for one of our projects, and wanted to make it available to other people as well.

* `1.1.0` - Modified to add `random_bytes` hook function.
* `1.0.0` - Modified to use [hash_equals](http://php.net/hash_equals) to be resistant to timing attacks. This requires `php >= 5.6.0`.
* `0.3.x` - Very close to the original version. Requires `php >= 5.3.3`.

## Customizing the Source of Randomness

In version `1.1.0`, the `get_random_bytes` function checks for the presence of a `random_bytes` function. If a `random_bytes` function is callable, then `random_bytes` will be used as the source for random bytes output. Otherwise, the original `get_random_bytes` code will be used.

## Installation ##

Add this requirement to your `composer.json` file and run `composer.phar install`:
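Review bot: the new "Customizing the Source of Randomness" section documents a `random_bytes` check inside `get_random_bytes`, but no hunk in this commit touches `get_random_bytes`; the only PasswordHash.php changes shown are the header comment and `CheckPassword`. Either the hook landed in an earlier commit and the `1.1.0` bullet should say so, or the code is missing from this change; the README should not describe behaviour the package does not yet ship. When the hook is present, the section should also warn that `random_bytes` (PHP 7.0+) throws on failure instead of returning short or predictable output, so callers that previously relied on the original fallback path need to catch that exception.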
@@ -10,7 +10,7 @@
"password",
"security"
],
"homepage": "http://github.com/hautelook/phpass/",
"homepage": "http://github.com/bordoni/phpass/",
"authors": [
{
"name": "Solar Designer",
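Review bot: the `homepage` now points at the `bordoni` fork while everything else visible in composer.json (the `Hautelook` PSR-0 namespace and the `hautelook/phpass` entry in `replace` in the next hunk) still carries the upstream name. If this is published under a new package name, the `name` field (not in this hunk) has to change with it and the README install instructions should reference the new name; if it is only a maintained mirror, the homepage should stay on the canonical repository so users land on the right issue tracker. Style: both URLs are plain `http://`; GitHub serves over HTTPS, so `https://github.com/bordoni/phpass/` avoids a redirect.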
@@ -24,14 +24,14 @@
}
],
"require": {
"php": ">=5.3.3"
"php": ">=5.6.0"
},
"autoload": {
"psr-0": {
"Hautelook": "src/"
}
},
"replace": {
"hautelook/phpass": "0.3.*"
"hautelook/phpass": "1.1.0"
}
}
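Review bot: `"hautelook/phpass": "1.1.0"` in `replace` pins the replaced version to a literal, so it silently goes stale on the next release; Composer's `self.version` constraint tracks the package's own version for exactly this case, i.e. `"hautelook/phpass": "self.version"`. Note also what `replace` promises: Composer will treat this package as a drop-in for `hautelook/phpass`, and the PHP floor in the same hunk moves from `>=5.3.3` to `>=5.6.0`, so a consumer still on PHP 5.3-5.5 that resolves this replacement installs cleanly and then fails at runtime on the undefined `hash_equals`. The floor itself is right: `hash_equals` exists from 5.6.0, and the README says the `random_bytes` hook falls back when the function is absent, so `>=7.0` is not required.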
9 changes: 7 additions & 2 deletions src/Hautelook/Phpass/PasswordHash.php
@@ -6,7 +6,12 @@
*
* Portable PHP password hashing framework.
*
* Version 0.3 / genuine.
* Version 1.0.0 - modified by Nordstromrack.com | HauteLook
*
* Change Log:
*
* - the hash_equals function is now used instead of == or === to prevent
* timing attacks
*
* Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in
*
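Review bot: the header still says `Version 1.0.0` and its change log lists only the `hash_equals` switch, while composer.json in this same commit declares `1.1.0` and the README attributes a `random_bytes` hook to `1.1.0`. Bump the version line and add a change-log bullet for the randomness hook, or drop the version from the header and keep it only in composer.json so the two cannot drift. The `- the hash_equals function is now used instead of == or ===` bullet is accurate as far as it goes; it is worth stating that the comparison is constant-time with respect to the user-supplied value only when the stored hash is passed as the first (known-string) argument, which is what `CheckPassword` below does.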
@@ -314,6 +319,6 @@ public function CheckPassword($password, $stored_hash)
$hash = crypt($password, $stored_hash);
}

return $hash === $stored_hash;
return hash_equals($stored_hash, $hash);
}
}
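Review bot: `hash_equals($stored_hash, $hash)` has the recommended argument order (known hash first, freshly computed hash second), but `hash_equals` requires both arguments to be strings: on PHP 5.6/7 a non-string `$stored_hash` (for example `null` from a missing database column) emits a warning and the call returns `false`, and PHP 8 applies its stricter parameter type rules instead. `crypt()` always returns a string, so the stored side is the one to guard; a check such as `if (!is_string($stored_hash)) { return false; }` at the top of `CheckPassword` keeps the boolean contract the old `===` line had without a warning. This hunk replaces only the final comparison, but the header's change log claims `==`/`===` were replaced throughout; the earlier comparisons in this method (the conditional that ends at the `}` above) should be checked against that claim.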