5

Symfony 4.3 deprecated the bcrypt algorithm, see UPGRADE-4.3.md:

Configuring encoders using argon2i or bcrypt as algorithm has been deprecated, use auto instead.

So I changed security.yaml to:

encoders:
    App\Entity\User:
        algorithm: auto

The problem is that, after changing to auto, the hashed string is longer:

'INSERT INTO users (..., password, ...) VALUES (...)' with params [..., "$argon2id$v=19$m=65536,t=6,p=1$d2RhZjVuaWJsSnE0TW5haA$ycOn7EHjPOoBTSa6SHDOBWL2AvwfPNjAstlSTEMmPpU", ...]:

SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'password' at row 1

This string is 97 characters long, while my password column was 64. I don't find any documentation about the maximum possible length with the "auto" attribute, is it 97? Or it can be more?

the_nuts
  • 5,634
  • 1
  • 36
  • 68
  • 2
    [255 would be a good choice](https://www.php.net/manual/en/function.password-hash.php). – Cerad May 31 '19 at 11:35

1 Answers1

5

As said by @Cerad in comments, the auto mode will likely always produce passwords that are supported by the password_hash() built-in PHP function (depending on the platform).
Therefore you can safely rely on the hint given by the password_hash() documentation:

PASSWORD_DEFAULT - [...] Note that this constant is designed to change over time as new and stronger algorithms are added to PHP. For that reason, the length of the result from using this identifier can change over time. Therefore, it is recommended to store the result in a database column that can expand beyond 60 characters (255 characters would be a good choice).

chalasr
  • 12,971
  • 4
  • 40
  • 82