Manual:$wgPasswordConfig

From Linux Web Expert

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
<translate> Authentication</translate>: $wgPasswordConfig
Configuration for built-in password types.
<translate> Introduced in version:</translate>1.24.0 (Gerrit change 77645; git #95a8974c)
<translate> Removed in version:</translate><translate> still in use</translate>
<translate> Allowed values:</translate>(array)
<translate> Default value:</translate>see below

Details

Configuration for built-in password types.

Maps the password type to an array of options:

  • class - The Password class to use.
  • factory <translate> (introduced in <tvar - A function that creates and returns a suitable Password object. This option is intended only for internal use; the function signature is unstable and subject to change in future versions.

All other options are class-dependent.

Default

<td class="mw-version-versionbox" title="<translate nowrap> The latest stable version is <tvar name=1>1.41</tvar></translate>">
<translate> ≥</translate> 1.40
<translate> MediaWiki version:</translate>
$wgPasswordConfig = [
	'A' => [
		'class' => MWOldPassword::class,
	],
	'B' => [
		'class' => MWSaltedPassword::class,
	],
	'pbkdf2-legacyA' => [
		'class' => LayeredParameterizedPassword::class,
		'types' => [
			'A',
			'pbkdf2',
		],
	],
	'pbkdf2-legacyB' => [
		'class' => LayeredParameterizedPassword::class,
		'types' => [
			'B',
			'pbkdf2',
		],
	],
	'bcrypt' => [
		'class' => BcryptPassword::class,
		'cost' => 9,
	],
	'pbkdf2' => [
		'factory' => [ AbstractPbkdf2Password::class, 'newInstance' ],
		'algo' => 'sha512',
		'cost' => '30000',
		'length' => '64',
	],
	'argon2' => [	// 1.33+
		'class' => Argon2Password::class,

		// Algorithm used:
		// * 'argon2i' is optimized against side-channel attacks (PHP 7.2+)
		// * 'argon2id' is optimized against both side-channel and GPU cracking (PHP 7.3+)
		// * 'auto' to use best available algorithm. If you're using more than one server, be
		//   careful when you're mixing PHP versions because newer PHP might generate hashes that
		//   older versions might would not understand.
		'algo' => 'auto',

		// The parameters below are the same as options accepted by password_hash().
		// Set them to override that function's defaults.
		//
		// 'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
		// 'time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST,
		// 'threads' => PASSWORD_ARGON2_DEFAULT_THREADS,
	],
];
<td class="mw-version-versionbox" title="<translate nowrap> MediaWiki <tvar name=1>1.39</tvar> is legacy version</translate>">
1.33 – 1.39
<translate> MediaWiki versions:</translate>
$wgPasswordConfig = [
	'A' => [
		'class' => MWOldPassword::class,
	],
	'B' => [
		'class' => MWSaltedPassword::class,
	],
	'pbkdf2-legacyA' => [
		'class' => LayeredParameterizedPassword::class,
		'types' => [
			'A',
			'pbkdf2',
		],
	],
	'pbkdf2-legacyB' => [
		'class' => LayeredParameterizedPassword::class,
		'types' => [
			'B',
			'pbkdf2',
		],
	],
	'bcrypt' => [
		'class' => BcryptPassword::class,
		'cost' => 9,
	],
	'pbkdf2' => [
		'class' => Pbkdf2Password::class,
		'algo' => 'sha512',
		'cost' => '30000',
		'length' => '64',
	],
	'argon2' => [	// 1.33+
		'class' => Argon2Password::class,

		// Algorithm used:
		// * 'argon2i' is optimized against side-channel attacks (PHP 7.2+)
		// * 'argon2id' is optimized against both side-channel and GPU cracking (PHP 7.3+)
		// * 'auto' to use best available algorithm. If you're using more than one server, be
		//   careful when you're mixing PHP versions because newer PHP might generate hashes that
		//   older versions might would not understand.
		'algo' => 'auto',

		// The parameters below are the same as options accepted by password_hash().
		// Set them to override that function's defaults.
		//
		// 'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST,
		// 'time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST,
		// 'threads' => PASSWORD_ARGON2_DEFAULT_THREADS,
	],
];
<td class="mw-version-versionbox" title="<translate nowrap> MediaWiki <tvar name=1>1.32</tvar> is unsupported version</translate>">
1.31 – 1.32
<translate> MediaWiki versions:</translate>
$wgPasswordConfig = [
	'A' => [
		'class' => MWOldPassword::class,
	],
	'B' => [
		'class' => MWSaltedPassword::class,
	],
	'pbkdf2-legacyA' => [
		'class' => LayeredParameterizedPassword::class,
		'types' => [
			'A',
			'pbkdf2',
		],
	],
	'pbkdf2-legacyB' => [
		'class' => LayeredParameterizedPassword::class,
		'types' => [
			'B',
			'pbkdf2',
		],
	],
	'bcrypt' => [
		'class' => BcryptPassword::class,
		'cost' => 9,
	],
	'pbkdf2' => [
		'class' => Pbkdf2Password::class,
		'algo' => 'sha512',
		'cost' => '30000',
		'length' => '64',
	],
];
<td class="mw-version-versionbox" title="<translate nowrap> MediaWiki <tvar name=1>1.30</tvar> is unsupported version</translate>">
1.24 – 1.30
<translate> MediaWiki versions:</translate>
$wgPasswordConfig = [
	'A' => [
		'class' => 'MWOldPassword',
	],
	'B' => [
		'class' => 'MWSaltedPassword',
	],
	'pbkdf2-legacyA' => [
		'class' => 'LayeredParameterizedPassword',
		'types' => [
			'A',
			'pbkdf2',
		],
	],
	'pbkdf2-legacyB' => [
		'class' => 'LayeredParameterizedPassword',
		'types' => [
			'B',
			'pbkdf2',
		],
	],
	'bcrypt' => [
		'class' => 'BcryptPassword',
		'cost' => 9,
	],
	'pbkdf2' => [
		'class' => 'Pbkdf2Password',
		'algo' => 'sha512',
		'cost' => '30000',
		'length' => '64',
	],
];

Example

The following example shows on how user-defined password encryptions can be added to the LocalSettings.php file:

$wgPasswordConfig['bcrypt-peppered'] = [
    'class' => 'EncryptedPassword',
    'underlying' => 'bcrypt',
    'secrets' => array(),
    'cipher' => MCRYPT_RIJNDAEL_256,
    'mode' => MCRYPT_MODE_CBC,
    'cost' => 5,
];

See also