Manual:$wgPasswordConfig
From mediawiki.org
Languages:
| Authentication: $wgPasswordConfig | |
|---|---|
| Configuration for built-in password types. |
|
| Introduced in version: | 1.24.0 (Gerrit change 77645; git #95a8974c) |
| Removed in version: | Still in use |
| Allowed values: | (array) |
| Default value: | see below |
| Other settings: Alphabetical | By function | |
Details
[edit ]Configuration for built-in password types.
Maps the password type to an array of options:
- class - The Password class to use.
- factory (introduced in 1.40) - A function that creates and returns a suitable Password object. This option is intended only for internal use; the function signature is unstable and subject to change in future versions.
All other options are class-dependent.
Default
[edit ] MediaWiki version:
≥ 1.43
$wgPasswordConfig = [ 'A' => [ 'class' => MWOldPassword::class, ], 'B' => [ 'class' => MWSaltedPassword::class, ], 'pbkdf2-legacyA' => [ 'class' => LayeredParameterizedPassword::class, 'types' => [ 'A', 'pbkdf2', ], ], 'pbkdf2-legacyB' => [ 'class' => LayeredParameterizedPassword::class, 'types' => [ 'B', 'pbkdf2', ], ], 'bcrypt' => [ 'class' => BcryptPassword::class, 'cost' => 9, ], 'pbkdf2' => [ 'class' => Pbkdf2PasswordUsingOpenSSL::class, 'algo' => 'sha512', 'cost' => '30000', 'length' => '64', ], 'argon2' => [ // 1.33+ 'class' => Argon2Password::class, // Algorithm used: // * 'argon2i' is optimized against side-channel attacks (PHP 7.2+) // * 'argon2id' is optimized against both side-channel and GPU cracking (PHP 7.3+) // * 'auto' to use the best available algorithm. If you're using more than one server, be // careful when you're mixing PHP versions because newer PHP might generate hashes that // older versions would not understand. 'algo' => 'auto', // The parameters below are the same as options accepted by password_hash(). // Set them to override that function's defaults. // // 'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST, // 'time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST, // 'threads' => PASSWORD_ARGON2_DEFAULT_THREADS, ], ];
MediaWiki versions:
1.40 – 1.42
$wgPasswordConfig = [ 'A' => [ 'class' => MWOldPassword::class, ], 'B' => [ 'class' => MWSaltedPassword::class, ], 'pbkdf2-legacyA' => [ 'class' => LayeredParameterizedPassword::class, 'types' => [ 'A', 'pbkdf2', ], ], 'pbkdf2-legacyB' => [ 'class' => LayeredParameterizedPassword::class, 'types' => [ 'B', 'pbkdf2', ], ], 'bcrypt' => [ 'class' => BcryptPassword::class, 'cost' => 9, ], 'pbkdf2' => [ 'factory' => [ AbstractPbkdf2Password::class, 'newInstance' ], 'algo' => 'sha512', 'cost' => '30000', 'length' => '64', ], 'argon2' => [ // 1.33+ 'class' => Argon2Password::class, // Algorithm used: // * 'argon2i' is optimized against side-channel attacks (PHP 7.2+) // * 'argon2id' is optimized against both side-channel and GPU cracking (PHP 7.3+) // * 'auto' to use the best available algorithm. If you're using more than one server, be // careful when you're mixing PHP versions because newer PHP might generate hashes that // older versions would not understand. 'algo' => 'auto', // The parameters below are the same as options accepted by password_hash(). // Set them to override that function's defaults. // // 'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST, // 'time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST, // 'threads' => PASSWORD_ARGON2_DEFAULT_THREADS, ], ];
MediaWiki versions:
1.33 – 1.39
$wgPasswordConfig = [ 'A' => [ 'class' => MWOldPassword::class, ], 'B' => [ 'class' => MWSaltedPassword::class, ], 'pbkdf2-legacyA' => [ 'class' => LayeredParameterizedPassword::class, 'types' => [ 'A', 'pbkdf2', ], ], 'pbkdf2-legacyB' => [ 'class' => LayeredParameterizedPassword::class, 'types' => [ 'B', 'pbkdf2', ], ], 'bcrypt' => [ 'class' => BcryptPassword::class, 'cost' => 9, ], 'pbkdf2' => [ 'class' => Pbkdf2Password::class, 'algo' => 'sha512', 'cost' => '30000', 'length' => '64', ], 'argon2' => [ // 1.33+ 'class' => Argon2Password::class, // Algorithm used: // * 'argon2i' is optimized against side-channel attacks (PHP 7.2+) // * 'argon2id' is optimized against both side-channel and GPU cracking (PHP 7.3+) // * 'auto' to use the best available algorithm. If you're using more than one server, be // careful when you're mixing PHP versions because newer PHP might generate hashes that // older versions would not understand. 'algo' => 'auto', // The parameters below are the same as options accepted by password_hash(). // Set them to override that function's defaults. // // 'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST, // 'time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST, // 'threads' => PASSWORD_ARGON2_DEFAULT_THREADS, ], ];
MediaWiki versions:
1.31 – 1.32
$wgPasswordConfig = [ 'A' => [ 'class' => MWOldPassword::class, ], 'B' => [ 'class' => MWSaltedPassword::class, ], 'pbkdf2-legacyA' => [ 'class' => LayeredParameterizedPassword::class, 'types' => [ 'A', 'pbkdf2', ], ], 'pbkdf2-legacyB' => [ 'class' => LayeredParameterizedPassword::class, 'types' => [ 'B', 'pbkdf2', ], ], 'bcrypt' => [ 'class' => BcryptPassword::class, 'cost' => 9, ], 'pbkdf2' => [ 'class' => Pbkdf2Password::class, 'algo' => 'sha512', 'cost' => '30000', 'length' => '64', ], ];
MediaWiki versions:
1.24 – 1.30
$wgPasswordConfig = [ 'A' => [ 'class' => 'MWOldPassword', ], 'B' => [ 'class' => 'MWSaltedPassword', ], 'pbkdf2-legacyA' => [ 'class' => 'LayeredParameterizedPassword', 'types' => [ 'A', 'pbkdf2', ], ], 'pbkdf2-legacyB' => [ 'class' => 'LayeredParameterizedPassword', 'types' => [ 'B', 'pbkdf2', ], ], 'bcrypt' => [ 'class' => 'BcryptPassword', 'cost' => 9, ], 'pbkdf2' => [ 'class' => 'Pbkdf2Password', 'algo' => 'sha512', 'cost' => '30000', 'length' => '64', ], ];
Example
[edit ]The following example shows on how user-defined password encryptions can be added to the LocalSettings.php file:
$wgPasswordConfig['bcrypt-peppered'] = [ 'class' => 'EncryptedPassword', 'underlying' => 'bcrypt', 'secrets' => array(), 'cipher' => MCRYPT_RIJNDAEL_256, 'mode' => MCRYPT_MODE_CBC, 'cost' => 5, ];