mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 09:07:33 +00:00
feat(crypto): support for SHA2 and PHPass password hashes (#9809)
# Which Problems Are Solved
- Allow users to use SHA-256 and SHA-512 hashing algorithms. These
algorithms are used by Linux's crypt(3) function.
- Allow users to import passwords using the PHPass algorithm. This
algorithm is used by older PHP systems, WordPress in particular.
# How the Problems Are Solved
- Upgrade passwap to
[v0.9.0](https://github.com/zitadel/passwap/releases/tag/v0.9.0)
- Add sha2 and phpass as a new verifier option in defaults.yaml
# Additional Changes
- Updated docs to explain the two algorithms
# Additional Context
Implements the changes in the passwap library from
https://github.com/zitadel/passwap/pull/59 and
https://github.com/zitadel/passwap/pull/60
(cherry picked from commit 38013d0e84)
committed by
Livio Spring

parent
b19fd84760
commit
603799f409
@@ -643,7 +643,7 @@ SystemDefaults:
|
||||
# or cost are automatically re-hashed using this config,
|
||||
# upon password validation or update.
|
||||
Hasher:
|
||||
# Supported algorithms: "argon2i", "argon2id", "bcrypt", "scrypt", "pbkdf2"
|
||||
# Supported algorithms: "argon2i", "argon2id", "bcrypt", "scrypt", "pbkdf2", "sha2"
|
||||
# Depending on the algorithm, different configuration options take effect.
|
||||
Algorithm: bcrypt # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ALGORITHM
|
||||
# Cost takes effect for the algorithms bcrypt and scrypt
|
||||
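Review bot: the "Supported algorithms" comment under Hasher adds "sha2" with no qualifier, so an operator can read it as a plain SHA-2 digest rather than the crypt(3) SHA-256/SHA-512 scheme. The Verifiers list later in this patch annotates the same name as `# crypt(3) SHA-256 and SHA-512`; repeating that wording here would remove the ambiguity at the point where the value is actually chosen for new hashes.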
@@ -654,10 +654,11 @@ SystemDefaults:
|
||||
Memory: 32768 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_MEMORY
|
||||
# Threads takes effect for the algorithms argon2i and argon2id
|
||||
Threads: 4 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_THREADS
|
||||
# Rounds takes effect for the algorithm pbkdf2
|
||||
# Rounds takes effect for the algorithm pbkdf2 and sha2
|
||||
Rounds: 290000 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_ROUNDS
|
||||
# Hash takes effect for the algorithm pbkdf2
|
||||
# Can be "sha1", "sha224", "sha256", "sha384" or "sha512"
|
||||
# Hash takes effect for the algorithm pbkdf2 and sha2
|
||||
# Can be "sha1", "sha224", "sha256", "sha384" or "sha512" for pbkdf2
|
||||
# Can be "sha256" or "sha512" for sha2
|
||||
Hash: sha256 # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_HASHER_HASH
|
||||
|
||||
# Verifiers enable the possibility of verifying
|
||||
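Review bot: Rounds and Hash are now shared by pbkdf2 and sha2, but the comments above `Rounds: 290000` do not say which range sha2 accepts or whether this pbkdf2-oriented default is intended for it. crypt(3) SHA-256/SHA-512 defines its own bounds for rounds (1000 to 999999999, default 5000), so a comment line stating the accepted range for sha2 would help operators who switch Algorithm. The Hash comment should also state what happens when Algorithm is sha2 and Hash holds a pbkdf2-only value such as "sha1" (rejected at startup, or silently replaced). Minor wording: "for the algorithm pbkdf2 and sha2" should read "for the algorithms pbkdf2 and sha2" in both changed comments.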
@@ -679,6 +680,8 @@ SystemDefaults:
|
||||
# - "md5" # md5Crypt with salt and password shuffling.
|
||||
# - "md5plain" # md5 digest of a password without salt
|
||||
# - "md5salted" # md5 digest of a salted password
|
||||
# - "phpass"
|
||||
# - "sha2" # crypt(3) SHA-256 and SHA-512
|
||||
# - "scrypt"
|
||||
# - "pbkdf2" # verifier for all pbkdf2 hash modes.
|
||||
SecretHasher:
|
||||
|
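Review bot: the new `# - "phpass"` entry in the Verifiers list has no trailing description, unlike the md5 and sha2 entries next to it. Suggest something like `# - "phpass" # PHPass, used by older PHP systems such as WordPress`, matching the commit message. Since "phpass" is not added to the Hasher "Supported algorithms" comment, it would also help to say here that it is available for verifying imported hashes only.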