
ElnurBlowfishPasswordEncoderBundle

by elnur

Blowfish (bcrypt) based password encoder for Symfony2

Still using MD5 or SHA family hashing algorithms for password “encryption”?
If you are, read this and
that and then come back to
get yourself a copy of this bundle.

The BCrypt password encoder was added to the Symfony core in 2.2 and was improved to the level of this
bundle and beyond in 2.3. So, if you're using Symfony 2.3+, consider using the encoder from the core instead of this
bundle.

Installation

  1. Add this to the composer.json:

    {
        "require": {
            "elnur/blowfish-password-encoder-bundle": "~0.5"
        }
    }
    

    And run:

    php composer.phar update elnur/blowfish-password-encoder-bundle
    
  2. Enable the bundle in app/AppKernel.php:

    public function registerBundles()
    {
        $bundles = array(
            // ...
            new Elnur\BlowfishPasswordEncoderBundle\ElnurBlowfishPasswordEncoderBundle(),
        );

        // ...

        return $bundles;
    }
    
  3. And, finally, set the encoder in app/config/security.yml:

    security:
        encoders:
            Symfony\Component\Security\Core\User\User:
                id: security.encoder.blowfish
    

Configuration

By default the encoder uses a cost factor of 15, which is pretty reasonable,
but you can change it to a different value in the range of 4-31 by editing
the config.yml file:

    elnur_blowfish_password_encoder:
        cost: 10

Each increment of the cost doubles the time it takes to encode a password.

You can change the cost factor at any time — even if you already have some
passwords encoded using a different cost factor. New passwords will be encoded
using the new cost factor, while the already encoded ones will be validated
using a cost factor that was used back when they were encoded.

Usage

A salt for each new password is generated automatically and need not be
persisted. Since an encoded password contains the salt used to encode it,
persisting the encoded password alone is enough.

All the encoded passwords are 60 characters long, so make sure to allocate
enough space for them to be persisted.
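
The properties described under Configuration and Usage (cost and salt stored inside the 60-character hash, old hashes still validating after a cost change) can be observed with PHP's built-in password API. This is an added example, not the bundle's own code: `parseBcrypt` and `verifyAndUpgrade` are hypothetical names, the sample password is constructed, and rehashing on login goes beyond what the README describes. It assumes PHP 7 or later.

```php
<?php
// Added example, not the bundle's code. Requires PHP 7+ (built-in password API).

/** Split "$2y$CC$" + 22-char salt + 31-char digest into named parts. */
function parseBcrypt(string $hash): array
{
    $re = '#^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$#';
    if (!preg_match($re, $hash, $m)) {
        throw new InvalidArgumentException('Not a bcrypt hash');
    }
    return ['variant' => $m[1], 'cost' => (int) $m[2], 'salt' => $m[3], 'digest' => $m[4]];
}

/**
 * Check a login against a stored hash. The cost and salt are read from the
 * stored hash itself, so the configured cost plays no part in verification.
 * If the stored cost differs from the configured one, also return a fresh
 * hash to persist (this upgrade step is an assumption of this example).
 */
function verifyAndUpgrade(string $plain, string $stored, int $configuredCost): array
{
    if (!password_verify($plain, $stored)) {
        return ['valid' => false, 'newHash' => null];
    }
    $options = ['cost' => $configuredCost];
    $stale = password_needs_rehash($stored, PASSWORD_BCRYPT, $options);
    return ['valid' => true, 'newHash' => $stale ? password_hash($plain, PASSWORD_BCRYPT, $options) : null];
}

// Constructed sample data: hashed while the cost was 10, config later raised to 12.
$password = 'correct horse battery staple';
$stored   = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$parts    = parseBcrypt($stored);
printf("stored: %d chars, cost %d, salt %s\n", strlen($stored), $parts['cost'], $parts['salt']);

$result = verifyAndUpgrade($password, $stored, 12);
printf("valid under new config: %s\n", var_export($result['valid'], true));
printf("upgraded hash cost: %d\n", parseBcrypt($result['newHash'])['cost']);

$wrong = verifyAndUpgrade('wrong password', $stored, 12);
printf("wrong password accepted: %s\n", var_export($wrong['valid'], true));

// Each cost increment doubles the work; timings are machine-dependent.
foreach ([8, 9, 10, 11] as $cost) {
    $start = microtime(true);
    password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
    printf("cost %2d: %.1f ms\n", $cost, (microtime(true) - $start) * 1000);
}
```

Running the timing loop on the production hardware is a practical way to choose a cost value before setting it in config.yml.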

License

This bundle is under the MIT license. See the complete license in the bundle:

Resources/meta/LICENSE

Acknowledgements

I thank asm89 for enlightening me by giving the
links you see above and answering my other related questions on the #symfony
channel.

And I thank dustin10 for suggesting to add the
extension class to make the bundle easier to install and configure.

Copyright (c) 2011-2013 Elnur Abdurrakhimov

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

    elnur_blowfish_password_encoder:
        cost: 15

  • Add information about the replacing encoder in the Symfony core
    By elnur, 5 years ago
  • Test with PHP 5.5 as well
    By elnur, 5 years ago
  • Change the Composer running command in the installation instruction
    By elnur, 5 years ago
  • Update the version in the installation instruction
    By elnur, 5 years ago
  • Enforce a limit on the password length
    By elnur, 5 years ago
  • Make PHPUnit a dev dependency
    By elnur, 6 years ago
  • Make gitignore entries more specific
    By elnur, 6 years ago
  • Switch to tilde version format
    By elnur, 6 years ago
  • Support all Symfony 2.x versions
    By elnur, 6 years ago
  • Update the year range
    By elnur, 6 years ago
  • Use the new PHP 5.5 password api with polyfill
    By relaxnow, 6 years ago
  • Switched to the shorter Markdown file extension.
    By elnur, 6 years ago
  • Integrated with Travis CI.
    By elnur, 6 years ago
  • Added the composer.lock file and vendor dir to gitignore.
    By elnur, 6 years ago
  • Use Composer-generated autoload script for tests.
    By elnur, 6 years ago
  • Permitting symfony 2.2
    By carbocation, 6 years ago
  • Updated the installation instructions to use Composer.
    By elnur, 6 years ago
  • Changed the style of multiple use statements.
    By elnur, 6 years ago
  • Added composer.json.
    By elnur, 7 years ago
  • Made comparison of passwords use anti-timing algorithm provided by Symfony base encoder class
    By shieldo, 7 years ago
  • Reworded the README file a bit.
    By elnur, 7 years ago
  • Added the license to the XML files as well.
    By elnur, 7 years ago
  • Look for and include the bootstrap file of an application dynamically.
    By elnur, 7 years ago
  • Updated the year range in copyright statements.
    By elnur, 7 years ago
  • Simplified the extension code a bit.
    By elnur, 7 years ago
  • Updated the README file according to the new way the bundle works.
    By elnur, 7 years ago
  • Do not use salt anymore because the encoded password contains it already.
    By elnur, 7 years ago
  • Added the license to the header of every PHP file.
    By elnur, 7 years ago
  • Fixed the license header.
    By elnur, 7 years ago
  • Added one more link to an article on encryption.
    By elnur, 7 years ago