So far, our key derivation code assumed that it has control over the salt used by the derivation routines; however, I want to add Argon2 support and it doesn't work this way: password_hash() generates the salt itself, and the only way to verify a password is by using password_verify(). The current way things are done doesn't support it because it relies on the result of password hashing with parameters we provide to be deterministic.

Therefore, I'm deprecating Password::equals(), as well as the whole concept of comparing Password objects - it's used only in tests anyway. It's getting replaced with verify() that only accepts password strings. Uses of the old function are fixed, with the exception of a few calls in tests that will be addressed in my Argon2 patch.

Change-Id: I2b2be9a422ee0f773490eac316ad81505c3f8571

| Name |
|---|
| BcryptPassword.php |
| commonpasswords.cdb |
| EncryptedPassword.php |
| InvalidPassword.php |
| LayeredParameterizedPassword.php |
| MWOldPassword.php |
| MWSaltedPassword.php |
| ParameterizedPassword.php |
| Password.php |
| PasswordError.php |
| PasswordFactory.php |
| PasswordPolicyChecks.php |
| Pbkdf2Password.php |
| UserPasswordPolicy.php |
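
The difference the commit message describes, shown as an added example that is not MediaWiki's own code: with a caller-supplied salt, re-deriving and comparing works, while two password_hash() outputs for the same password differ and can only be checked with password_verify(). The function names, the PBKDF2 parameters and the sample password are assumptions made for illustration.

```php
<?php
// Added illustration; not MediaWiki's Password classes. All names are hypothetical.

// Scheme where the caller supplies the salt: derivation is deterministic,
// so "hash again with the stored parameters and compare" works.
function pbkdf2Derive( string $password, string $salt, int $rounds = 10000 ): string {
	return hash_pbkdf2( 'sha256', $password, $salt, $rounds, 32, true );
}

function pbkdf2Verify( string $stored, string $salt, string $candidate ): bool {
	// hash_equals() compares in constant time.
	return hash_equals( $stored, pbkdf2Derive( $candidate, $salt ) );
}

// Scheme where password_hash() picks the salt itself: the caller cannot
// reproduce the stored value by hashing the same password again.
function selfSaltedHash( string $password ): string {
	// Fall back to the default algorithm when PHP was built without Argon2.
	$algo = defined( 'PASSWORD_ARGON2I' ) ? PASSWORD_ARGON2I : PASSWORD_DEFAULT;
	return password_hash( $password, $algo );
}

function selfSaltedVerify( string $stored, string $candidate ): bool {
	// password_verify() reads the algorithm, cost and salt from $stored.
	return password_verify( $candidate, $stored );
}

$password = 'correct horse battery staple'; // constructed sample input

// Deterministic scheme: re-derive with the stored salt and compare.
$salt = random_bytes( 16 );
$stored = pbkdf2Derive( $password, $salt );
var_dump( pbkdf2Verify( $stored, $salt, $password ) );
var_dump( pbkdf2Verify( $stored, $salt, 'wrong' ) );

// Self-salted scheme: an equals()-style comparison of two hashes of the
// same password, followed by verify()-style checks against each hash.
$a = selfSaltedHash( $password );
$b = selfSaltedHash( $password );
var_dump( hash_equals( $a, $b ) );
var_dump( selfSaltedVerify( $a, $password ) );
var_dump( selfSaltedVerify( $b, $password ) );
var_dump( selfSaltedVerify( $a, 'wrong' ) );
```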