[TASK] Default saltedPWHashingMethod Pbkdf2 35/51935/3
authorChristian Futterlieb <christian@futterlieb.ch>
Fri, 3 Mar 2017 11:59:22 +0000 (12:59 +0100)
committerGeorg Ringer <georg.ringer@gmail.com>
Fri, 3 Mar 2017 19:04:37 +0000 (20:04 +0100)
Change default saltedPWHashingMethod to Pbkdf2 in order to use the
most secure salting method that is available by default.

Change-Id: I4cd06731fe5aee177f4809fd604c8f770232062f
Releases: master
Resolves: #80112
Reviewed-on: https://review.typo3.org/51935
Reviewed-by: Stephan GroƟberndt <stephan@grossberndt.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Futterlieb <christian@futterlieb.ch>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Josef Glatz <josef.glatz@typo3.org>
Tested-by: Josef Glatz <josef.glatz@typo3.org>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
typo3/sysext/core/Configuration/FactoryConfiguration.php

index 4c90eea..df856ef 100644 (file)
@@ -15,14 +15,14 @@ return [
             'rsaauth' => 'a:1:{s:18:"temporaryDirectory";s:0:"";}',
             'saltedpasswords' => serialize([
                 'BE.' => [
-                    'saltedPWHashingMethod' => \TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::class,
+                    'saltedPWHashingMethod' => \TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt::class,
                     'forceSalted' => 0,
                     'onlyAuthService' => 0,
                     'updatePasswd' => 1,
                 ],
                 'FE.' => [
                     'enabled' => 1,
-                    'saltedPWHashingMethod' => \TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::class,
+                    'saltedPWHashingMethod' => \TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt::class,
                     'forceSalted' => 0,
                     'onlyAuthService' => 0,
                     'updatePasswd' => 1,