Merge remote-tracking branch 'origin/master'

weaverryan · weaverryan · commit 77ee60088d4e · 2012-10-17T16:50:24.000-05:00
diff --git a/book/security.rst b/book/security.rst
@@ -1200,6 +1200,9 @@ it as base64. In other words, the password has been greatly obfuscated so
 that the hashed password can't be decoded (i.e. you can't determine the password
 from the hashed password).
 
+.. versionadded:: 2.2
+    As of Symfony 2.2 you can also use the PBKDF2 password encoder.
+
 If you have some sort of registration form for users, you'll need to be able
 to determine the hashed password so that you can set it on your user. No
 matter what algorithm you configure for your user object, the hashed password
diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
@@ -55,6 +55,13 @@ Each part will be explained in the next section.
                     encode_as_base64:    true
                     iterations:          5000
 
+                # PBKDF2 encoder
+                Acme\Your\Class\Name:
+                    algorithm:            pbkdf2
+                    hash_algorithm:       sha512
+                    encode_as_base64:     true
+                    iterations:           1000
+
                 # Example options/values for what a custom encoder might look like
                 Acme\Your\Class\Name:
                     algorithm:            ~
@@ -189,6 +196,17 @@ Each part will be explained in the next section.
                 ROLE_ADMIN:      [ROLE_ORGANIZER, ROLE_USER]
                 ROLE_SUPERADMIN: [ROLE_ADMIN]
 
+.. caution::
+    PBKDF2 encoder uses the PBKDF2 (Password-Based Key Derivation Function 2).
+
+    Providing a high level of Cryptographic security,
+    as recommended by the National Institute of Standards and Technology (NIST).
+
+    But also warrants a warning, using PBKDF2 (with a high number of iterations) slows down the process.
+    PBKDF2 should be used with caution and care.
+    
+    A good configuration lies around at least 1000 iterations and sha512 for the hash algorithm.
+
 .. _reference-security-firewall-form-login:
 
 Form Login Configuration
