[owncloud-devel] ownCloud 8.0: phpass will be removed
lukas at statuscode.ch
Thu Nov 20 14:16:29 GMT 2014
We just merged https://github.com/owncloud/core/pull/12226 which removes “phpass” as 3rdparty dependency and introduces it’s own public hashing interface. This hashing interface is based on `password_hash` and a compatibility layer (`password_compat`) for older PHP versions. Furthermore, it automatically supports some legacy ownCloud hashes.
Please use from now on only this class to generate password hashes. The usage is fairly simple:
// Hashing a message
$hash = \OC::$server->getHasher()->hash('MessageToHash');
// Verifying a message - $newHash will contain the newly calculated hash
// if $newHash is not null the hash should get updated in the database
$newHash = null;
var_dump(\OC::$server->getHasher()->verify('a', '86f7e437faa5a7fce15d1ddcb9eaeaea377667b8', $newHash));
(Public interface can be found at https://github.com/owncloud/core/blob/master/lib/public/security/ihasher.php)
As you can see it has an optional third-parameter `$newHash` which will indicate whether the password needs a rehashing (for example if we introduce a stronger hashing mechanism). A real-life example performing the migration can be found at https://github.com/owncloud/core/commit/c4d7483a0a7d1ea75bf06d0a4e726e2b150be81f (some other examples are also linked at the above mentioned PR)
We will backport this API within the next days to the stable7 branch to make it easier for developers to support multiple versions of ownCloud without having to maintain a too much different code-base.
If you have any question about this change I’m happy to answer it.
Thanks a lot to everyone involved making ownCloud in any regard better. I’m proud to be able to call myself a member of this community :-)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4139 bytes
Desc: not available
More information about the Devel