[4.0] Remove missing phpass in favour of Laravel support hash #577
TheoKouzelis wants to merge 1 commit into corcel:4.0 from
Phpass has been deleted. But upon investigating the package, it seems its main purpose is to support strong hashing in PHP versions less than 5.5 https://www.openwall.com/phpass/. Since this package requires PHP 7.2, I don't think the dependency is required.

Thinking about it, this will probably invalidate existing hashes stored in databases.

"phpass was released in 2005 when a typical web host ran PHP 4 and a typical web app used raw MD5. In 2007 and on major web apps moved to phpass, which was an important step forward (bringing web apps' password hashing on par with Unix systems'). phpass API might also have inspired the password_hash() / password_verify() API included in PHP 5.5+." I cannot make any argument in defense of keeping phpass. Should be removed immediately. Versions that have native functions are already EOL and 7 will be EOL soon too:

@bumbummen99 completely agree, but invalidating all hashes stored in the databases would be a big impact for now. Gonna keep all PRs from @TheoKouzelis open and maybe add a breaking change or something when merging it. For now I've changed to I've tagged it under let's keep these PRs and merge soon 👍
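
The hash-invalidation concern raised in this thread, as an added example that is not code from this PR or from Corcel: `password_verify()` cannot check phpass's portable `$P$`/`$H$` hashes, so one common migration is to verify the legacy format once at login and store a native hash in its place. It assumes the stored hashes use that portable format, calls `password_hash()` directly rather than Laravel's hasher, and all function names are hypothetical.

```php
<?php
// Added example; function names are hypothetical, not Corcel or Laravel API.
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// phpass's base64 variant: 6-bit groups, least significant first.
function phpass_encode64(string $in, int $count): string {
    $a = ITOA64; $out = ''; $i = 0;
    do {
        $v = ord($in[$i++]);
        $out .= $a[$v & 0x3f];
        if ($i < $count) $v |= ord($in[$i]) << 8;
        $out .= $a[($v >> 6) & 0x3f];
        if ($i++ >= $count) break;
        if ($i < $count) $v |= ord($in[$i]) << 16;
        $out .= $a[($v >> 12) & 0x3f];
        if ($i++ >= $count) break;
        $out .= $a[($v >> 18) & 0x3f];
    } while ($i < $count);
    return $out;
}

// Recompute a portable ($P$ / $H$) hash; null if $setting is not in that format.
function phpass_portable(string $password, string $setting): ?string {
    if (strlen($setting) < 12 || !in_array(substr($setting, 0, 3), ['$P$', '$H$'], true)) return null;
    $log2 = strpos(ITOA64, $setting[3]);          // iteration count is stored as log2
    if ($log2 === false || $log2 < 7 || $log2 > 30) return null;
    $hash = md5(substr($setting, 4, 8) . $password, true);   // 8-character salt
    for ($n = 1 << $log2; $n > 0; $n--) $hash = md5($hash . $password, true);
    return substr($setting, 0, 12) . phpass_encode64($hash, 16);
}

// Returns [verified, replacement hash to store or null if nothing to update].
function verify_and_upgrade(string $password, string $stored): array {
    $legacy = phpass_portable($password, $stored);
    if ($legacy !== null) {                        // legacy format: verify, then upgrade
        $ok = hash_equals($stored, $legacy);
        return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
    }
    $ok = password_verify($password, $stored);     // native format
    $stale = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [$ok, $stale ? password_hash($password, PASSWORD_DEFAULT) : null];
}

// Constructed sample: a legacy hash built from a made-up salt, then one login.
$stored = phpass_portable('correct horse', '$P$B' . 'saltsalt');
[$ok, $new] = verify_and_upgrade('correct horse', $stored);
var_dump($ok, password_verify('correct horse', $stored), password_verify('correct horse', $new));
```

Hashes of users who never log in again stay in the legacy format, so the legacy verifier has to remain available until those accounts are reset or expired.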