Bcrypt phpversion requirement

[barryvdh]

Bcrypt hashing requires php 5.3.7, because of the needed support for $2y. But as described in ircmaxell/password_compat#10, there are versions where this support is backported. The readme also states This library requires PHP >= 5.3.7 OR a version that has the $2y fix backported into it (such as RedHat provides).

When running on such a php version, I tried the version-test.php from the password_compat library, and it passes on the 5.3.3 Redhat version. But when using the Laravel Hashing functions, a new \RuntimeException("Bcrypt hashing requires PHP 5.3.7"); is thrown, because of the version check.

Removing this check works fine and passwords are generated okay. Is is possible to remove the password check, or perhaps set a variable to overrule this check?

I can see why you would want to check by default, but a way to enable this without changing the vendor files would be appreciated.

[bencorlett]

I said this exact thing ages ago so I agree fully. In Sentry, we check if the hashed password === false. If it does, we bitch out then, and then only.

[taylorotwell]

Yeah checking for false password would probably be better on our end. I'll make that change.

[bencorlett]

For reference https://github.com/cartalyst/sentry/blob/master/src/Cartalyst/Sentry/Hashing/NativeHasher.php#L31-L42

On 13/06/2013, at 12:50 PM, Taylor Otwell [email protected] wrote:

Yeah checking for false password would probably be better on our end. I'll make that change.

—
Reply to this email directly or view it on GitHub.