Follows-up
95a8974c6.
The version of EncryptedPassword that was merged doesn't use mcrypt, but
rather OpenSSL. Also, show one way of specifying the key, and remove the
"cost" option, which would instead need to be specified for the underlying
type ("bcrypt").
Change-Id: Idaaca765835656113c8f0f1e83cc7e5a2a922fa2
* $wgPasswordConfig['bcrypt-peppered'] = [
* 'class' => EncryptedPassword::class,
* 'underlying' => 'bcrypt',
- * 'secrets' => [],
- * 'cipher' => MCRYPT_RIJNDAEL_256,
- * 'mode' => MCRYPT_MODE_CBC,
- * 'cost' => 5,
+ * 'secrets' => [
+ * hash( 'sha256', 'secret', true ),
+ * ],
+ * 'cipher' => 'aes-256-cbc',
* ];
* @endcode
*