minor #9269 Mention that argon2i doesn't need a salt either (javiereguiluz)

javiereguiluz · javiereguiluz · commit 9ac45bdfce5e · 2018-02-15T13:22:47.000+01:00
This PR was merged into the 3.4 branch. Discussion ---------- Mention that argon2i doesn't need a salt either Alternative solution to #9256. Commits ------- 35d9936 Mention that argon2i doesn't need a salt either
diff --git a/security/entity_provider.rst b/security/entity_provider.rst
@@ -316,12 +316,12 @@ and password ``admin`` (which has been encoded).
 
 .. sidebar:: Do you need to use a Salt property?
 
-    If you use ``bcrypt``, no. Otherwise, yes. All passwords must be hashed
-    with a salt, but ``bcrypt`` does this internally. Since this tutorial
-    *does* use ``bcrypt``, the ``getSalt()`` method in ``User`` can just
-    return ``null`` (it's not used). If you use a different algorithm, you'll
-    need to uncomment the ``salt`` lines in the ``User`` entity and add a
-    persisted ``salt`` property.
+    If you use ``bcrypt`` or ``argon2i``, no. Otherwise, yes. All passwords must
+    be hashed with a salt, but ``bcrypt`` and ``argon2i`` do this internally.
+    Since this tutorial *does* use ``bcrypt``, the ``getSalt()`` method in
+    ``User`` can just return ``null`` (it's not used). If you use a different
+    algorithm, you'll need to uncomment the ``salt`` lines in the ``User``
+    entity and add a persisted ``salt`` property.
 
 .. _security-advanced-user-interface:
 
