Skip to content
Snippets Groups Projects
Select Git revision
  • 2.0.x
  • 8.x-1.x default
  • 2.0.0-alpha.1
  • 2.0.0-alpha1
  • 8.x-1.3
  • 8.x-1.2
  • 8.x-1.1
  • 8.x-1.0
8 results
Compare
Geoff Appleby's avatar
Issue #3334308: needsRehash always checks against PASSWORD_DEFAULT
Geoff Appleby authored
725c7e56
History
Geoff Appleby's avatar 725c7e56
History
Name Last commit Last update
src
tests/src/Unit/Password
.gitattributes
.gitignore
.lando.yml
README.md
composer.json
drush.services.yml
php_password.drush.inc
php_password.info.yml
php_password.services.yml
phpcs.xml.dist
README.md

CONTENTS OF THIS FILE

  • Introduction
  • Installation
  • Configuration

INTRODUCTION

Current Maintainer: James Gilliland neclimdul@gmail.com

Replace Drupal's in PHP hashing algorythm with php's native hashing algorythm.

INSTALLATION

The php_password module will take care of replacing Drupal's password manager for you so installation is as simple as installing any other Drupal module.

CONFIGURATION

This module doesn't have a lot of configuration needed out of the box. However you may choose to tweak some of the parameters used to hash new passwords.

Hash Cost

Hash cost can be configured though a container parameter.

You can add the following snippet to your sites services.yml file to modify the cost:

parameters:
  password_hash_cost: 8

Additionally a Drush command is provided to help you calculate an ideal value with between 100-500ms runtime on your specific hardware.

$ drush password-hash-cost

Hash algorithm

As of php 7.2 there are 2 password hashing mechanisms however php_password only supports using PHP's default(bcrypt) hash algorithm at this time.