support for configurable $id in Phpass\Adapter\Portable.php

[DerManoMann]

Me again.

I was wondering if it would be possible to change Portable.php to accept the id string ($H$) as config option. This would be much cleaner than the current if ($id != '$P$' && $id != '$H$') stuff and also allow to make things like isValid() work too.

Cheers, mano

[rchouinard]

It should be easy to add the id string as an option to the adapter, but I'm not sure how useful that would be. Is there a solid use case where you might need to change the id string on the fly?

[DerManoMann]

hm, i am not changing it on the fly, but i might need two instances with different ids. In my case the code might need to support standard hashes and phpbb3 hashes, so i like to have two instances, one for each id. also, with just a single id property all of the class code will work with that id, including generation of new hashes using the custom id.

[rchouinard]

Okay, I think I see what you're saying. You might need need to work with both phpass standard and phpbb portable hashes. The adapter can validate, but not generate, hashes with the phpbb identifier.

I'd hate to allow for more fragmentation here. Would it work to have a flag to generate phpbb hash strings (maybe phpbbCompat?), or do you think allowing arbitrary id strings in these hashes is really necessary?

[DerManoMann]

Ah, ok - i could live with that - looks like the new API is a bit different anyway.

I wonder what more fragmentation there would be? Ok, people could use different strings, but as long as the rest is the same it doesn't really make much sense anyway. (In that respect I do not really see the sense in what phpbb3 does). OTOH, I'd rather have a generic optional way to use a different id rather than hardcoded special cases for specific applications. That would spoil the whole modularisation, IMO. If yo feel strongly about it (I haven't really looked deeper into the 2.0 branch) would it be possible to have instead a phpbb3 specific adapter? It could extend the default class and just change the id - that way the code sharing is similar, but instead of having if/else code looking for a phpbb3 flag (how is that different from allowing to pass in the id?) you'd have a nice specific implementation for phpbb3. Either way - just asking. I've lived with a custom patched version for a few years now, so no need to rush. Still, I'd rather use a stock standard version...

[ghost]

Ah, i'm down with the custom adapter for phpBB3,but i do have one use case for allowing one to set the hash identifier.

I've been using an older version of postfixadmin to manage my email boxes and it sets the hash id to $1$.

I'm about to migrate my email away from self hosted so i won't really care if you don't bother, but i did want to share the use case.

[rchouinard]

I've just introduced an adapter option to the develop branch to address the issue of generating phpBB compatible hashes. I'm still not comfortable with opening up free reign with the hash ID, otherwise it begins to lose its meaning. Anyway, passing the option phpBBCompat to the Portable adapter will now use $H$ for portable hashes instead of $P$.

In the example of $1$, that's actually (supposed) to be a salted MD5 hash, not a portable PHP hash.