diff options
author | Aleksander Machniak <alec@alec.pl> | 2014-12-09 18:39:55 +0100 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2014-12-09 18:42:25 +0100 |
commit | 753c8849accbbe0cb3ebef01e8b3e2ff3481a336 (patch) | |
tree | 61c86c708e69fa3941a63cab67b9829a39dea84c /plugins/password/drivers/sql.php | |
parent | 35502e04a83f6608009be2b034029a8066cbf36a (diff) |
Fix generation of Blowfish-based password hashes (#1490184)
Added password_blowfish_cost config option.
Conflicts:
CHANGELOG
Diffstat (limited to 'plugins/password/drivers/sql.php')
-rw-r--r-- | plugins/password/drivers/sql.php | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php index 7a51dfe44..7f2ec7f3f 100644 --- a/plugins/password/drivers/sql.php +++ b/plugins/password/drivers/sql.php @@ -60,8 +60,10 @@ class rcube_sql_password $len = 2; break; case 'blowfish': - $len = 22; - $salt_hashindicator = '$2a$'; + $cost = (int) $rcmail->config->get('password_blowfish_cost'); + $cost = $cost < 4 || $cost > 31 ? 12 : $cost; + $len = 22; + $salt_hashindicator = sprintf('$2a$%02d$', $cost); break; case 'sha256': $len = 16; |