8000 Mention that argon2i doesn't need a salt either · symfony/symfony-docs@35d9936 · GitHub
[go: up one dir, main page]
Skip to content

Commit 35d9936

Browse files
javiereguiluzjaviereguiluz
committed
Mention that argon2i doesn't need a salt either
1 parent 0604b7a commit 35d9936

File tree

1 file changed

+6
-6
lines changed

1 file changed

+6
-6
lines changed

security/entity_provider.rst

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -316,12 +316,12 @@ and password ``admin`` (which has been encoded).
316316
317317
.. sidebar:: Do you need to use a Salt property?
318318

319-
If you use ``bcrypt``, no. Otherwise, yes. All passwords must be hashed
320-
with a salt, but ``bcrypt`` does this internally. Since this tutorial
321-
*does* use ``bcrypt``, the ``getSalt()`` method in ``User`` can just
322-
return ``null`` (it's not used). If you use a different algorithm, you'll
323-
need to uncomment the ``salt`` lines in the ``User`` entity and add a
324-
persisted ``salt`` property.
319+
If you use ``bcrypt`` or ``argon2i``, no. Otherwise, yes. All passwords must
320+
be hashed with a salt, but ``bcrypt`` and ``argon2i`` do this internally.
321+
Since this tutorial *does* use ``bcrypt``, the ``getSalt()`` method in
322+
``User`` can just return ``null`` (it's not used). If you use a different
323+
algorithm, you'll need to uncomment the ``salt`` lines in the ``User``
324+
entity and add a persisted ``salt`` property.
325325

326326
.. _security-advanced-user-interface:
327327

0 commit comments

Comments
 (0)
0