Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-16878

Error in password_hash() with ARGON2 + Sodium & threadcount > 1

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Blocker
    • Resolution: Fixed
    • 3.3.4
    • 3.3.5
    • Authentication
    • None

    Description

      In phpbb/passwords/driver/argon21.php, line 47:

      $this->threads     = (defined('PASSWORD_ARGON2_PROVIDER') && PASSWORD_ARGON2_PROVIDER == 'sodium') ? $this->threads     = (defined('PASSWORD_ARGON2_PROVIDER') && PASSWORD_ARGON2_PROVIDER == 'sodium') ? PASSWORD_ARGON2_DEFAULT_THREADS : max($threads, defined('PASSWORD_ARGON2_DEFAULT_THREADS') ? PASSWORD_ARGON2_DEFAULT_THREADS : 1);

      This is a problem because:

      PASSWORD_ARGON2_DEFAULT_THREADS (int)
      		 
      Default number of threads that Argon2lib will use. Not available with libsodium implementation.

      I think the solution is to default to 1 thread when 

      PASSWORD_ARGON2_PROVIDER == 'sodium'

       

      Otherwise,

      [phpBB Debug] PHP Warning: in file [ROOT]/phpbb/passwords/driver/base_native.php on line 57: password_hash(): Threading failure

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. PHPBB3-16266 Error on clean install with PHP 7.4

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. PHPBB3-16342 Update Argon2 hashing costs

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Unverified Fix

          Activity

            People

              Marc Marc
              Marshalrusty Yuriy Rusko
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: