Merge pull request #68 from fefo-p/multiple-hashing-algorithms-option

Multiple hashing algorithm option
lonnieezell · Aug 8, 2019 · 0488b09 · 0488b09
2 parents e4fabd3 + 932baa5
commit 0488b09
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 8 deletions.
diff --git a/src/Authentication/LocalAuthenticator.php b/src/Authentication/LocalAuthenticator.php
@@ -151,7 +151,7 @@ public function validate(array $credentials, bool $returnUser=false)
         // This would be due to the hash algorithm or hash
         // cost changing since the last time that a user
         // logged in.
-        if (password_needs_rehash($user->password_hash, PASSWORD_DEFAULT))
+        if (password_needs_rehash($user->password_hash, $this->config->hashAlgorithm))
         {
             $user->password = $password;
             $this->userModel->save($user);

diff --git a/src/Config/Auth.php b/src/Config/Auth.php
@@ -69,6 +69,23 @@ class Auth extends BaseConfig
     //
     public $silent = false;
 
+    // Valid values are PASSWORD_DEFAULT, PASSWORD_BCRYPT and PASSWORD_ARGON2I.
+    public $hashAlgorithm = PASSWORD_ARGON2I;
+
+    //--------------------------------------------------------------------
+    // ARGON2i Algorithm options
+    //--------------------------------------------------------------------
+    // The ARGON2I method of encryption allows you to define the "memory_cost",
+    // the "time_cost" and the number of "threads", whenever a password hash is created.
+    // This defaults to a value of 10 which is an acceptable number.
+    // However, depending on the security needs of your application
+    // and the power of your hardware, you might want to increase the
+    // cost. This makes the hashing process takes longer.
+    //
+    public $hashMemoryCost = PASSWORD_ARGON2_DEFAULT_MEMORY_COST;  // 1024
+    public $hashTimeCost = PASSWORD_ARGON2_DEFAULT_TIME_COST;      // 2
+    public $hashThreads = PASSWORD_ARGON2_DEFAULT_THREADS;         // 2
+
     //--------------------------------------------------------------------
     // Password Hashing Cost
     //--------------------------------------------------------------------

diff --git a/src/Entities/User.php b/src/Entities/User.php
@@ -41,13 +41,28 @@ public function setPassword(string $password)
 	{
         $config = config('Auth');
 
-		$this->attributes['password_hash'] = password_hash(
-			base64_encode(
-				hash('sha384', $password, true)
-			),
-			PASSWORD_DEFAULT,
-			['cost' => $config->hashCost]
-		);
+        if($config->hashAlgorithm == PASSWORD_ARGON2I)
+        {
+            $hashOptions = [
+                'memory_cost' => $config->hashMemoryCost,
+                'time_cost'   => $config->hashTimeCost,
+                'threads'     => $config->hashThreads
+                ];
+        }
+        else
+        {
+            $hashOptions = [
+                'cost' => $config->hashCost
+                ];
+        }
+
+        $this->attributes['password_hash'] = password_hash(
+            base64_encode(
+                hash('sha384', $password, true)
+            ),
+            $config->hashAlgorithm,
+            $hashOptions
+        );
 	}
 
     /**