Will Zend\Crypt\Password\Bcrypt be deprecated in ZF3?

[RalfEggert]

ZF3 will move to PHP 5.5 and we have a native password_verify() and password_hash() there.

Will Zend\Crypt\Password\Bcrypt be deprecated or even removed from ZF3? Or has Zend\Crypt\Password\Bcrypt any advantage over the native PHP implementation?

[Maks3w]

It provide a better pseudorandom source which is the main source of security issues until PHP 7

[RalfEggert]

So, Zend\Crypt\Password\Bcrypt should be prefered over the PHP implementation until I use PHP7?

[paragonie-scott]

It provide a better pseudorandom source which is the main source of security issues until PHP 7

• https://github.com/zendframework/zend-crypt/blob/5c00d9c4d161d0e386679e70a3fa81bb571d02bf/src/Password/Bcrypt.php#L14
• https://github.com/zendframework/zend-crypt/blob/5c00d9c4d161d0e386679e70a3fa81bb571d02bf/src/Password/Bcrypt.php#L77
• https://github.com/zendframework/zend-math/blob/f3cf2e8d954d24099626b43f6da5de2a192e47d7/src/Rand.php#L26-L90
• https://github.com/zendframework/zend-math/blob/master/src/Source/HashTiming.php

I really hope "it" is referring to PHP 5.5's implementation, not ZF2's. Insecure CSPRNG fallbacks are a bad idea.

(Maybe consider using https://github.com/paragonie/random_compat or https://github.com/ircmaxell/RandomLib instead?)

[Ocramius]

Since PHP 5.5 is a requirement as of 2.5.2, we can safely remove any of our internal implementation and just rely on PHP's password_hash() and password_verify() implementation. Deprecation is not worth it, IMO, especially since we may throw exceptions (maybe at install time?), should the machine where the component is installed contain some security issues around password hashing, but the classes would basically become empty shells forwarding calls to password_hash() and password_verify().

[paragonie-scott]

:+1: for using the password API built into PHP :)

[Maks3w]

I'm not sure if PHP 5.5 hash implementation is "good" without to dig in PHP 5.5 source code.

As far as I can say PHP 5.6 improves the random generator for MCrypt and Crypt. PHP 7 definitevely provides native CSPRNG functions. And only PHP 7 deprecate bcrypt salt option because native generator is enough safe.

So a new PasswordInterface adapter can be proposed for wrap PHP hash API exposing algorithm (1st argument) and options (3rd argument) in the adapter constructor.

[ezimuel]

@RalfEggert we provided the Bcrypt support since PHP 5.3. For BC reason, we will continue to support it and I'm working on a patch to support the PHP 5.5 password_verify() and password_usage() under the hood. Regarding the security of bcrypt usage of ZF2 we used some best practices for random number generation and cost value. That said, the security with PHP 5.5+ it's equivalent.

[ezimuel]

@paragonie-scott we are already using the ircmaxell/RandomLib library as fallback in zend-math, with a mixer function.