From ed4dc2139dd5c6cbf1732b1bf2ec45dfd35a178a Mon Sep 17 00:00:00 2001
From: Aleksander Machniak
Date: Sat, 25 Sep 2021 15:35:29 +0200
Subject: [PATCH] Password: Remove password_blowfish_cost option, in favor of password_algorithm_options
---
 CHANGELOG.md | 1 +
 plugins/password/config.inc.php.dist | 6 +-----
 2 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7775d5298..bce53e99a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@
 - Add option to control links handling behavior on html to text conversion (#6485)
 - Disable the default spellchecker option using spell.roundcube.net (#8182)
 - Enigma: Upgrade to OpenPGP.js v5.0
+- Password: Remove password_blowfish_cost option, in favor of password_algorithm_options
 - Password: Remove support for password_algorithms crypt, hash and cram-md5
 - Password: Remove support for %c, %d, %n, %q variables in password_query
 - Password: Add support for passwords based on PHP's password_hash() function (#7724)
diff --git a/plugins/password/config.inc.php.dist b/plugins/password/config.inc.php.dist
index 6e3b2ec02..d5fcfddeb 100644
--- a/plugins/password/config.inc.php.dist
+++ b/plugins/password/config.inc.php.dist
@@ -52,6 +52,7 @@ $config['password_algorithm'] = 'clear';
 // Additional options for password hashing function(s).
 // For password_hash()-based passwords see https://www.php.net/manual/en/function.password-hash.php
+// It can be used to set the Blowfish algorithm cost, e.g. ['cost' => 12]
 $config['password_algorithm_options'] = [];
 // Password prefix (e.g. {CRYPT}, {SHA}) for passwords generated
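Review bot: The comment added above `$config['password_algorithm_options']` drops the operational guidance that the removed `password_blowfish_cost` block (second hunk of this file) carried: the valid range of 4 to 31 and the warning that higher values make hash generation slower. I would keep that next to the new example, e.g. `// For Blowfish-based hashes set the cost here, e.g. ['cost' => 12]; it must be between 4 and 31, and higher values make hashing slower.` It would also help to say, here or in the CHANGELOG entry, that a value previously set in `password_blowfish_cost` has to be moved into this array. The diffstat lists only CHANGELOG.md and this dist file, so whether the plugin still reads the old option is not visible on this page; if it does not, an install that had raised the cost would fall back to the default work factor without any notice.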
@@ -71,11 +72,6 @@ $config['password_dovecotpw_method'] = 'CRAM-MD5';
 // when using password_algorithm=dovecot
 $config['password_dovecotpw_with_method'] = false;
-// Iteration count parameter for Blowfish-based hashing algo.
-// It must be between 4 and 31. Default: 12.
-// Be aware, the higher the value, the longer it takes to generate the password hashes.
-$config['password_blowfish_cost'] = 12;
-
 // Number of rounds for the sha256 and sha512 crypt hashing algorithms.
 // Must be at least 1000. If not set, then the number of rounds is left up
 // to the crypt() implementation. On glibc this defaults to 5000.