Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-16878

Error in password_hash() with ARGON2 + Sodium & threadcount > 1

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.3.4
    • Fix Version/s: 3.3.5
    • Component/s: Authentication
    • Labels:
      None

      Description

      In phpbb/passwords/driver/argon21.php, line 47:

      $this->threads     = (defined('PASSWORD_ARGON2_PROVIDER') && PASSWORD_ARGON2_PROVIDER == 'sodium') ? $this->threads     = (defined('PASSWORD_ARGON2_PROVIDER') && PASSWORD_ARGON2_PROVIDER == 'sodium') ? PASSWORD_ARGON2_DEFAULT_THREADS : max($threads, defined('PASSWORD_ARGON2_DEFAULT_THREADS') ? PASSWORD_ARGON2_DEFAULT_THREADS : 1);

      This is a problem because:

      PASSWORD_ARGON2_DEFAULT_THREADS (int)
      Default number of threads that Argon2lib will use. Not available with libsodium implementation.

      I think the solution is to default to 1 thread when 

      PASSWORD_ARGON2_PROVIDER == 'sodium'

       

      Otherwise,

      [phpBB Debug] PHP Warning: in file [ROOT]/phpbb/passwords/driver/base_native.php on line 57: password_hash(): Threading failure

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Marc Marc
              Reporter:
              Marshalrusty Yuriy Rusko
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: