From f45186e7e73621ff9c27f60d91d6ffef4a478eb6 Mon Sep 17 00:00:00 2001
From: Gerrit Mohrmann <mohrmann.t3@gmx.de>
Date: Wed, 4 Mar 2020 22:06:13 +0100
Subject: [PATCH] [TASK] Lower priority of Argon2id
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Argon2id should never be set automatically for compatibility reasons.

At some places the array sorting will give the priority which password
hashing type will be used, but the priority value from the preset is
also used.

To make sure Argon2i is set for new installations, priority of Argon2id
is set below Argon2i.

Resolves: #90643
Releases: master
Change-Id: Idb96b17eda80a783d2de0d228f7381bfd674ce54
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/63550
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Frank Nägler <frank.naegler@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Frank Nägler <frank.naegler@typo3.org>
---
 .../Classes/Configuration/PasswordHashing/Argon2idPreset.php    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/typo3/sysext/install/Classes/Configuration/PasswordHashing/Argon2idPreset.php b/typo3/sysext/install/Classes/Configuration/PasswordHashing/Argon2idPreset.php
index 652a4694bfd7..997b33857ca2 100644
--- a/typo3/sysext/install/Classes/Configuration/PasswordHashing/Argon2idPreset.php
+++ b/typo3/sysext/install/Classes/Configuration/PasswordHashing/Argon2idPreset.php
@@ -33,7 +33,7 @@ class Argon2idPreset extends AbstractPreset
     /**
      * @var int Priority of preset
      */
-    protected $priority = 80;
+    protected $priority = 65;
 
     /**
      * @var array Configuration values handled by this preset
-- 
GitLab