Hi all! We just merged https://github.com/owncloud/core/pull/12226 which removes “phpass” as 3rdparty dependency and introduces it’s own public hashing interface. This hashing interface is based on `password_hash` and a compatibility layer (`password_compat`) for older PHP versions. Furthermore, it automatically supports some legacy ownCloud hashes.
Please use from now on only this class to generate password hashes. The usage
is fairly simple:
// Hashing a message
$hash = \OC::$server->getHasher()->hash('MessageToHash');
// Verifying a message - $newHash will contain the newly calculated hash
// if $newHash is not null the hash should get updated in the database
$newHash = null;
var_dump(\OC::$server->getHasher()->verify('a',
'86f7e437faa5a7fce15d1ddcb9eaeaea377667b8', $newHash));
var_dump($newHash);
(Public interface can be found at
https://github.com/owncloud/core/blob/master/lib/public/security/ihasher.php)
As you can see it has an optional third-parameter `$newHash` which will
indicate whether the password needs a rehashing (for example if we introduce a
stronger hashing mechanism). A real-life example performing the migration can
be found at
https://github.com/owncloud/core/commit/c4d7483a0a7d1ea75bf06d0a4e726e2b150be81f
(some other examples are also linked at the above mentioned PR)
We will backport this API within the next days to the stable7 branch to make it
easier for developers to support multiple versions of ownCloud without having
to maintain a too much different code-base.
If you have any question about this change I’m happy to answer it.
Thanks a lot to everyone involved making ownCloud in any regard better. I’m
proud to be able to call myself a member of this community :-)
Lukas
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Devel mailing list [email protected] http://mailman.owncloud.org/mailman/listinfo/devel
