Merge pull request #294 from syzop/password_crypt_rounds
Add $config['password_crypt_rounds']
| | |
| | | // Be aware, the higher the value, the longer it takes to generate the password hashes. |
| | | $config['password_blowfish_cost'] = 12; |
| | | |
| | | // Number of rounds for the sha256 and sha512 crypt hashing algorithms. |
| | | // Must be at least 1000. If not set, then the number of rounds is left up |
| | | // to the crypt() implementation. On glibc this defaults to 5000. |
| | | // Be aware, the higher the value, the longer it takes to generate the password hashes. |
| | | //$config['password_crypt_rounds'] = 50000; |
| | | |
| | | // This option temporarily disables the password change functionality. |
| | | // Use it when the users database server is in maintenance mode or sth like that. |
| | | // You can set it to TRUE/FALSE or a text describing the reason |
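Review bot: The new comment says the value must be at least 1000 but does not say what happens when it is lower. In the accompanying code change a value below 1000 is not rejected; the `rounds=` parameter is left out and crypt() uses its own default. I would add a line such as `// Values below 1000 are ignored and the crypt() default is used.` so that an administrator who sets a low value is not left thinking it took effect. The "longer it takes" caveat could also mention that the cost is presumably paid again by whatever service verifies the hash at login, not only when the hash is generated.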
| | |
| | | break; |
| | | |
| | | case 'sha256-crypt': |
| | | $crypted = crypt($password, '$5$' . self::random_salt(16)); |
| | | $rounds = (int) $rcmail->config->get('password_crypt_rounds'); |
| | | if ($rounds < 1000) |
| | | $prefix = '$5$'; |
| | | else |
| | | $prefix = '$5$rounds=' . $rounds . '$'; |
| | | $crypted = crypt($password, $prefix . self::random_salt(16)); |
| | | $prefix = '{CRYPT}'; |
| | | break; |
| | | |
| | | case 'sha512-crypt': |
| | | $crypted = crypt($password, '$6$' . self::random_salt(16)); |
| | | $rounds = (int) $rcmail->config->get('password_crypt_rounds'); |
| | | if ($rounds < 1000) |
| | | $prefix = '$6$'; |
| | | else |
| | | $prefix = '$6$rounds=' . $rounds . '$'; |
| | | $crypted = crypt($password, $prefix . self::random_salt(16)); |
| | | $prefix = '{CRYPT}'; |
| | | break; |
| | | |
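Review bot: In both the sha256-crypt and sha512-crypt branches `password_crypt_rounds` is checked only against the lower bound, and a value below 1000 is dropped without any log entry. A mistyped setting therefore either silently falls back to the crypt() default or, if very large, makes every password change burn CPU for as long as the implementation allows. Consider logging when a non-empty value is ignored and capping the value at a limit the project chooses. Separately, `$prefix` first holds the crypt salt prefix and is then overwritten with `{CRYPT}`; a dedicated variable keeps the two apart, e.g. `$salt_prefix = $rounds < 1000 ? '$6$' : '$6$rounds=' . $rounds . '$';`, and because the two branches differ only in `$5$` versus `$6$` they could share that line through a small helper. The enclosing switch starts and ends outside this section.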