Diffstat (limited to 'plugins/password/drivers')
-rw-r--r-- | plugins/password/drivers/ldap.php | 8 | ||||
-rw-r--r-- | plugins/password/drivers/sql.php | 6 |
2 files changed, 10 insertions, 4 deletions
diff --git a/plugins/password/drivers/ldap.php b/plugins/password/drivers/ldap.php
index d46da0b26..d11dbdc7d 100644
--- a/plugins/password/drivers/ldap.php
+++ b/plugins/password/drivers/ldap.php
@@ -232,8 +232,12 @@ class rcube_ldap_password
 return false;
 }
- /* Hardcoded to second blowfish version and set number of rounds */
- $crypted_password = '{CRYPT}' . crypt($password_clear, '$2a$12$' . self::random_salt(13));
+ $rcmail = rcmail::get_instance();
+ $cost = (int) $rcmail->config->get('password_blowfish_cost');
+ $cost = $cost < 4 || $cost > 31 ? 12 : $cost;
+ $prefix = sprintf('$2a$%02d$', $cost);
+
+ $crypted_password = '{CRYPT}' . crypt($password_clear, $prefix . self::random_salt(22));
 break;
 case 'md5':
diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php
index 7a51dfe44..7f2ec7f3f 100644
--- a/plugins/password/drivers/sql.php
+++ b/plugins/password/drivers/sql.php
@@ -60,8 +60,10 @@ class rcube_sql_password
 $len = 2;
 break;
 case 'blowfish':
- $len = 22;
- $salt_hashindicator = '$2a$';
+ $cost = (int) $rcmail->config->get('password_blowfish_cost');
+ $cost = $cost < 4 || $cost > 31 ? 12 : $cost;
+ $len = 22;
+ $salt_hashindicator = sprintf('$2a$%02d$', $cost);
 break;
 case 'sha256':
 $len = 16; |
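Review bot: The result of `crypt()` on the new `$crypted_password` line in ldap.php is concatenated to `{CRYPT}` without being checked, so if bcrypt hashing fails the short failure token PHP returns (`*0` or `*1`) would be written to the directory as the user's password value. I would hash first and verify the prefix: `$hash = crypt($password_clear, $prefix . self::random_salt(22));` then `if (strpos($hash, $prefix) !== 0) { return false; }`, which appears to match the failure return visible at the top of the hunk. `random_salt()` is defined outside this hunk, so whether its output stays within bcrypt's `./A-Za-z0-9` salt alphabet and comes from a strong random source cannot be confirmed from here and is worth checking now that 22 characters of it are used. The enclosing function starts and ends outside the hunk.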
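Review bot: The two `$cost` lines in the sql.php `case 'blowfish':` branch repeat the ldap.php clamp verbatim and carry no comment, so the accepted range and the fallback are undocumented and can drift between the drivers. A misconfigured `password_blowfish_cost` is silently replaced by 12, and values as low as 4 are accepted, which makes stored hashes cheap to brute-force if an administrator picks one. I would add a comment such as `// bcrypt cost must be 04-31; unset or out-of-range values fall back to 12` and consider moving the clamp into one shared helper used by both drivers, with a logged warning on fallback. `$rcmail` is assigned outside this hunk, and the `crypt()` call that consumes `$salt_hashindicator` is not visible here, so the same result check suggested for ldap.php may apply there too.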