Passwords: BCRYPT changed to default algorithm

nette · Jul 11, 2018 · bc0f81d · bc0f81d · JanTvrdik · Jul 12, 2018
1 parent 8647df3
commit bc0f81d
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/Security/Passwords.php b/src/Security/Passwords.php
@@ -28,7 +28,7 @@ public static function hash(string $password, array $options = []): string
 			throw new Nette\InvalidArgumentException("Cost must be in range 4-31, $options[cost] given.");
 		}
 
-		$hash = password_hash($password, PASSWORD_BCRYPT, $options);
+		$hash = password_hash($password, PASSWORD_DEFAULT, $options);
 		if ($hash === false || strlen($hash) < 60) {
 			throw new Nette\InvalidStateException('Hash computed by password_hash is invalid.');
 		}
@@ -50,6 +50,6 @@ public static function verify(string $password, string $hash): bool
 	 */
 	public static function needsRehash(string $hash, array $options = []): bool
 	{
-		return password_needs_rehash($hash, PASSWORD_BCRYPT, $options);
+		return password_needs_rehash($hash, PASSWORD_DEFAULT, $options);
 	}
 }