1

I am looking for option where I can encrypt an application password which is unique to that app. Example, the same database won't work if the salt changes Security.salt of an app is usually unique.

This link shows an example of new SimplePasswordHasher(['hashType' => 'sha256'])->has($data)

However, when I checking Api of Security class I saw this function which is a static function and I can supply sha256 and default salt to true. I am not using blowfish.

AuthComponent::password() is deprecated so please do not suggest that.

Which is more Cake way of doing things?

Keval Domadia
  • 4,768
  • 1
  • 37
  • 64

2 Answers2

2

SimplePasswordHasher calls Security::hash. Jeez!

Ref: http://api.cakephp.org/2.5/source-class-SimplePasswordHasher.html#33-42

Keval Domadia
  • 4,768
  • 1
  • 37
  • 64
0

In your auth models:

public function beforeSave($options = array()) {
    parent::beforeSave();
    if (!empty($this->data['Model']['password'])) {
        $this->data['Model']['password'] = Security::hash($this->data['Model']['password'], 'sha256', true);
    }
    return true;
}
decocodes
  • 116
  • 5
  • I am sorry but how is this outdated? Instead of using $passwordHasher = new SimplePasswordHasher(array('hashType' => 'sha256')); $this->data['User']['password'] = $passwordHasher->hash( $this->data['User']['password'] I think calling a static method lowers the iteration count and thus - some performance improvements? Let me post on Github – Keval Domadia Jul 21 '14 at 07:38
  • See the [invalid issue](https://github.com/cakephp/cakephp/issues/4043) you opened ;) And the answer there. – mark Jul 21 '14 at 09:27