Sylius: Use BCRYPT instead of SHA512

Created on 16 Jul 2015  ·  9 Comments  ·  Source: Sylius/Sylius

It's recommended to use BCRYPT (most recent) instead of SHA512 for encoders to encode passwords in security

http://symfony.com/fr/doc/current/reference/configuration/security.html#utiliser-l-encodeur-bcrypt

Enhancement RFC

All 9 comments

If your users have a password, then we recommend encoding it using the bcrypt encoder, instead of the
traditional SHA-512 hashing encoder. The main advantages of bcrypt are the inclusion of a salt value to
protect against rainbow table attacks, and its adaptive nature, which allows making it slower to remain
resistant to brute-force search attacks.
With this in mind, here is the authentication setup from our application, which uses a login form to load
users from the database:

I am using bcrypt too with Sylius and wanted to mention that you want to use setPassword (instead of setPlainPassword) in test fixtures to skip the long encryption and so speed up the tests. Are there any plans to make Sylius use bcrypt by default?

@pjedrzejewski Any plans on introducing this?

This issue has been automatically marked as stale because it has not had any recent activity. It will be closed in a week if no further activity occurs. Thank you for your contributions.

This is a security risk. :disappointed:

Sylius does not use password_hash to store passwords?

It should...

Yeah, it would be great to have it in 1.2, but we have to provide the full migration path for existing users.
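As an added example (not code from Sylius or Symfony) of the migration path mentioned above: a login check that verifies the legacy SHA-512 record and, on success, rehashes the password with bcrypt through password_hash(). The legacy format (Symfony's MessageDigestPasswordEncoder defaults: sha512, 5000 iterations, base64, salt appended in braces), the record layout and the cost value are assumptions; the sample user is constructed.

```php
<?php
// Added example, not Sylius or Symfony code. Assumes the legacy hash was produced by
// Symfony's MessageDigestPasswordEncoder with sha512, 5000 iterations, base64 output.
// Check this against your own encoder configuration before relying on it.

const BCRYPT_COST = 12; // assumed cost; tune to your hardware

function legacySha512(string $plain, string $salt, int $iterations = 5000): string
{
    $salted = $plain . '{' . $salt . '}';
    $digest = hash('sha512', $salted, true);
    for ($i = 1; $i < $iterations; $i++) {
        $digest = hash('sha512', $digest . $salted, true);
    }
    return base64_encode($digest);
}

// Verifies $plain against the user record and upgrades the stored hash in place.
// Returns true only on a successful login; the record is never touched on failure.
function verifyAndUpgrade(array &$user, string $plain): bool
{
    if (strpos($user['password'], '$2y$') === 0) {
        // Already bcrypt: verify, and rehash if the cost parameter has since been raised.
        if (!password_verify($plain, $user['password'])) {
            return false;
        }
        if (password_needs_rehash($user['password'], PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])) {
            $user['password'] = password_hash($plain, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
        }
        return true;
    }

    // Legacy SHA-512 record: constant-time compare, then upgrade to bcrypt.
    $expected = legacySha512($plain, $user['salt']);
    if (!hash_equals($expected, $user['password'])) {
        return false;
    }
    $user['password'] = password_hash($plain, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    $user['salt'] = null; // bcrypt embeds its own salt in the hash string
    return true;
}

// Constructed sample record: a legacy user whose password is 'correct horse'.
$user = ['salt' => 'abc123', 'password' => legacySha512('correct horse', 'abc123')];
verifyAndUpgrade($user, 'wrong');         // a wrong password must not trigger an upgrade
verifyAndUpgrade($user, 'correct horse'); // correct password: record rewritten as bcrypt
var_dump($user);
```

Because the upgrade only happens when the plaintext is available at login, users who never log in keep their SHA-512 record; a separate deadline for forcing resets on those accounts completes the migration.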

I've opened #9560 to coordinate further efforts, let's make it happen in v1.3.0 release 🎉
