[Security] added new documentation about PBKDF2 password encoder for 2.2 #1779

Merged
merged 1 commit into from
Oct 17, 2012
3 changes: 3 additions & 0 deletions book/security.rst
@@ -1200,6 +1200,9 @@ it as base64. In other words, the password has been greatly obfuscated so
that the hashed password can't be decoded (i.e. you can't determine the password
from the hashed password).

.. versionadded:: 2.2
As of Symfony 2.2 you can also use the PBKDF2 password encoder.

If you have some sort of registration form for users, you'll need to be able
to determine the hashed password so that you can set it on your user. No
matter what algorithm you configure for your user object, the hashed password
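Review bot: the `versionadded` note names the PBKDF2 encoder but gives the reader nothing to act on; since the book chapter is meant to stay short, add a cross-reference to the security configuration reference where the encoder's `algorithm: pbkdf2`, `hash_algorithm` and `iterations` options are shown, e.g. `As of Symfony 2.2 you can also use the PBKDF2 password encoder (see :doc:`/reference/configuration/security`).` Also check that the body line is indented under `.. versionadded:: 2.2` in the source: the rendered diff has lost indentation, and an unindented line would become a plain paragraph rather than part of the directive.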
18 changes: 18 additions & 0 deletions reference/configuration/security.rst
@@ -55,6 +55,13 @@ Each part will be explained in the next section.
encode_as_base64: true
iterations: 5000

# PBKDF2 encoder
Acme\Your\Class\Name:
algorithm: pbkdf2
hash_algorithm: sha512
encode_as_base64: true
iterations: 1000

# Example options/values for what a custom encoder might look like
Acme\Your\Class\Name:
algorithm: ~
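Review bot: the new PBKDF2 block reuses the placeholder `Acme\Your\Class\Name` that the custom-encoder example directly below also uses, so copied as-is the YAML contains a duplicate mapping key and only one of the two entries survives; give each example a distinct placeholder class. The `# PBKDF2 encoder` comment should also state that `iterations` here is the PBKDF2 round count, not the re-hash count used by the message-digest encoder above (`iterations: 5000`), so readers do not carry one value over to the other, and that raising it is what makes each derivation slower and brute-force attempts against stolen hashes costlier.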
@@ -189,6 +196,17 @@ Each part will be explained in the next section.
ROLE_ADMIN: [ROLE_ORGANIZER, ROLE_USER]
ROLE_SUPERADMIN: [ROLE_ADMIN]

.. caution::
PBKDF2 encoder uses the PBKDF2 (Password-Based Key Derivation Function 2).

Providing a high level of Cryptographic security,
as recommended by the National Institute of Standards and Technology (NIST).

But also warrants a warning, using PBKDF2 (with a high number of iterations) slows down the process.
PBKDF2 should be used with caution and care.

A good configuration lies around at least 1000 iterations and sha512 for the hash algorithm.
Member

I don't think duplicating the same note twice is a good idea

Contributor Author

Yeah, I wasn't sure about that either. Should I only keep the one in book/security.rst, as that is the one most likely to be read?

Member

I think we should only have the caution here, just because we need to keep the main book chapter as short and readable as possible :)


.. _reference-security-firewall-form-login:

Form Login Configuration
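Review bot: the caution is anchored after the `role_hierarchy` example (`ROLE_ADMIN` / `ROLE_SUPERADMIN` in the context lines) rather than next to the encoders block it describes, so a reader looking at `iterations: 1000` in the encoder example will not see it; move it to directly follow that example. Two sentences also need tightening: "Providing a high level of Cryptographic security, as recommended by the National Institute of Standards and Technology (NIST)." is a fragment, and "But also warrants a warning, using PBKDF2 (with a high number of iterations) slows down the process." is a comma splice. Suggest something like "PBKDF2 provides a high level of cryptographic security, as recommended by NIST, but a high iteration count slows down hashing by design: that cost is what makes brute-forcing stolen hashes expensive." The closing line should say whether 1000 is a minimum to raise as hardware gets faster rather than a target, and the directive body must stay indented under `.. caution::` in the source, which the rendered diff does not show.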