* [MOD] Passwords string that need hashing (not related to accounts p…

…assword) and its length greater than 72 characters, are now hashed using SHA256 and then BCRYPT. A message is shown in syspass.log file.

inc/SP/Core/Crypt/Hash.class.php

@@ -31,6 +31,11 @@
  */
 class Hash
 {
+    /**
+     * Longitud máxima aceptada para hashing
+     */
+    const MAX_KEY_LENGTH = 72;
+
     /**
      * Comprobar el hash de una clave.
      *
@@ -41,7 +46,27 @@ class Hash
      */
     public static function checkHashKey($key, $hash)
     {
-        return password_verify($key, $hash);
+        return password_verify(self::getKey($key), $hash);
+    }
+
+    /**
+     * Devolver la clave preparada. Se crea un hash si supera la longitud máxima.
+     *
+     * @param string $key
+     * @param bool   $isCheck Indica si la operación es de comprobación o no
+     * @return string
+     */
+    private static function getKey(&$key, $isCheck = true)
+    {
+        if (mb_strlen($key) > Hash::MAX_KEY_LENGTH) {
+            $key = hash('sha256', $key);
+
+            if ($isCheck === false) {
+                debugLog('[INFO] Password string shortened using SHA256 and then BCRYPT');
+            }
+        }
+
+        return $key;
     }
 
     /**
@@ -52,6 +77,6 @@ public static function checkHashKey($key, $hash)
      */
     public static function hashKey($key)
     {
-        return password_hash($key, PASSWORD_BCRYPT);
+        return password_hash(self::getKey($key, false), PASSWORD_BCRYPT);
     }
 }

inc/SP/Util/Util.class.php

@@ -407,7 +407,7 @@ public static function getAppInfo($index = null)
      */
     public static function getVersion($retBuild = false, $normalized = false)
     {
-        $build = 17041304;
+        $build = 17041401;
         $version = [2, 1, 6];
 
         if ($normalized === true) {