From 35d993617c0d2f1ba7e19f03e371696b9bc6364b Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Thu, 15 Feb 2018 13:19:37 +0100 Subject: [PATCH] Mention that argon2i doesn't need a salt either --- security/entity_provider.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/security/entity_provider.rst b/security/entity_provider.rst index 49e8310f4fb..e82432e42dc 100644 --- a/security/entity_provider.rst +++ b/security/entity_provider.rst @@ -316,12 +316,12 @@ and password ``admin`` (which has been encoded). .. sidebar:: Do you need to use a Salt property? - If you use ``bcrypt``, no. Otherwise, yes. All passwords must be hashed - with a salt, but ``bcrypt`` does this internally. Since this tutorial - *does* use ``bcrypt``, the ``getSalt()`` method in ``User`` can just - return ``null`` (it's not used). If you use a different algorithm, you'll - need to uncomment the ``salt`` lines in the ``User`` entity and add a - persisted ``salt`` property. + If you use ``bcrypt`` or ``argon2i``, no. Otherwise, yes. All passwords must + be hashed with a salt, but ``bcrypt`` and ``argon2i`` do this internally. + Since this tutorial *does* use ``bcrypt``, the ``getSalt()`` method in + ``User`` can just return ``null`` (it's not used). If you use a different + algorithm, you'll need to uncomment the ``salt`` lines in the ``User`` + entity and add a persisted ``salt`` property. .. _security-advanced-user-interface: