New in version 9: Starting with TYPO3 v9 argon2i is the standard hashing mechanism
If the hashing mechanism used in passwords is not supported by your PHP build Errors like the following might pop up:
#1533818591 TYPO3\CMS\Core\Crypto\PasswordHashing\InvalidPasswordHashException No implementation found that handles given hash. This happens if the stored hash uses a mechanism not supported by current server.
If an instance has just been upgraded and if argon2i hash mechanism is not available locally, the default backend will still try to upgrade a given user password to argon2i if the install tool has not been executed once.
This typically happens if a system has just been upgraded and a backend login has been performed before the install tool has silently executed upgrade wizards.
Recommended: Fix the server side¶
It is highly recommended to run PHP 7.2 or above with argon2 support. Install a PHP build that supports this or make the project hoster support PHP with argon2. Usually, the argon2 library is just not installed and PHP is compiled without argon2 support. There is little reason to have a PHP build without argon support.
Disable argon2 support in the install tool¶
Call the standalone install tool at
example.org/typo3/install.php and log in
once. This should detect
that argon2 is not available and will configure a different default
hash mechanism. A backend login should be possible afterwards.
If that won’t do, you can change the hash mechanism in Admin Tools > Settings > Configuration Presets > Password hashing presets. This might be necessary if, for example, you moved your system to a different server where argon2 isn’t available. Create a new user that uses the working algorithm.
Manually disable argon2 in the LocalConfiguration.php¶
This may be nessesary if access to the install tool is not possible. This can happen when the first installation was done on a system with argon2 and the installation was then copied to a target system that doesn’t support this encryption type.
Add or edit the following in your
<?php return [ 'BE' => [ // ... // This pseudo password enables you to load the standalone install // tool to be able to generate a new hash value. Change the password // at once! 'installToolPassword' => '$2y$12$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA', 'passwordHashing' => [ 'className' => 'TYPO3\\CMS\\Core\\Crypto\\PasswordHashing\\BcryptPasswordHash', 'options' => , ], ], 'FE' => [ // ... 'passwordHashing' => [ 'className' => 'TYPO3\\CMS\\Core\\Crypto\\PasswordHashing\\BcryptPasswordHash', 'options' => , ], ], // ... ];
If this doesn’t work then check file