Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-16878

Error in password_hash() with ARGON2 + Sodium & threadcount > 1

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Blocker
    • Resolution: Fixed
    • 3.3.4
    • 3.3.5
    • Authentication
    • None

    Description

      In phpbb/passwords/driver/argon21.php, line 47:

      $this->threads     = (defined('PASSWORD_ARGON2_PROVIDER') && PASSWORD_ARGON2_PROVIDER == 'sodium') ? $this->threads     = (defined('PASSWORD_ARGON2_PROVIDER') && PASSWORD_ARGON2_PROVIDER == 'sodium') ? PASSWORD_ARGON2_DEFAULT_THREADS : max($threads, defined('PASSWORD_ARGON2_DEFAULT_THREADS') ? PASSWORD_ARGON2_DEFAULT_THREADS : 1);

      This is a problem because:

      PASSWORD_ARGON2_DEFAULT_THREADS (int)
      Default number of threads that Argon2lib will use. Not available with libsodium implementation.

      I think the solution is to default to 1 thread when 

      PASSWORD_ARGON2_PROVIDER == 'sodium'

       

      Otherwise,

      [phpBB Debug] PHP Warning: in file [ROOT]/phpbb/passwords/driver/base_native.php on line 57: password_hash(): Threading failure

      Attachments

        Issue Links

          Activity

            People

              Marc Marc
              Marshalrusty Marshalrusty
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: