You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Many Linux distributions are moving towards using the yescrypt hash function as a modern hash function for system authentication (it's the default in latest versions of Fedora, Debian, Ubuntu).
PHP's password_hash()/password_verify() functions currently do not support yescrypt. It can be used with crypt() when php is compiled with --with-external-libcrypt which is currently not the default. However, the semantics of crypt() are complicated, and the docs for the crypt() function encourage the use of password_hash(). Therefore, it'd be good if password_hash() would support yescrypt.
The text was updated successfully, but these errors were encountered:
FWIW, I've started working on this. So far I locally have added support for yescrypt in our crypt() handler when using non-system crypt(). Next up is adding support in password_hash (which uses crypt() for handling the hashes).
Description
Many Linux distributions are moving towards using the yescrypt hash function as a modern hash function for system authentication (it's the default in latest versions of Fedora, Debian, Ubuntu).
PHP's password_hash()/password_verify() functions currently do not support yescrypt. It can be used with crypt() when php is compiled with --with-external-libcrypt which is currently not the default. However, the semantics of crypt() are complicated, and the docs for the crypt() function encourage the use of password_hash(). Therefore, it'd be good if password_hash() would support yescrypt.
The text was updated successfully, but these errors were encountered: