Can we use any user-defined encryption method to create user passwords in CakePHP? If yes, which files do I need to modify?

MNR
Jinson P L
  • **User defined encryption** doesn't sound very secure. Why can't you use existing cryptographic solutions? – byxor Aug 22 '16 at 11:39
  • **Do not encrypt passwords**, when the attacker gets the DB he will also get the encryption key. Iterate over an HMAC with a random salt for about a 100ms duration and save the salt with the hash. Use functions such as password_hash, PBKDF2, Bcrypt and similar functions. The point is to make the attacker spend a lot of time finding passwords by brute force. – zaph Aug 22 '16 at 11:42
  • How would you use encryption to _create_ a password, did you mean to store a password? – martinstoeckli Aug 22 '16 at 12:07
  • Yes, I meant to store password in DB – Jinson P L Aug 22 '16 at 14:15

1 Answer

You did not specify the version, but it surely is possible in CakePHP 3.

http://book.cakephp.org/3.0/en/controllers/components/authentication.html#creating-custom-password-hasher-classes

I guess you need it for fallback reasons; otherwise, AFAIK, CakePHP security is great.

Aiphee
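A custom password hasher of the kind the answer links to, written here as an added example (not code from the answer or from CakePHP itself). It keeps new passwords on `password_hash`, as the comments recommend, while still accepting old rows. The class name, file path, the `legacySalt` config key and the legacy format (hex SHA-1 of a site-wide salt prepended to the password) are assumptions; it needs CakePHP 3 and PHP 5.6+.

```php
<?php
// src/Auth/UpgradingPasswordHasher.php (hypothetical name and path)
// Enabled in AuthComponent's authenticate config with:
//   'passwordHasher' => ['className' => 'Upgrading', 'legacySalt' => '...']
namespace App\Auth;

use Cake\Auth\AbstractPasswordHasher;

class UpgradingPasswordHasher extends AbstractPasswordHasher
{
    // 'legacySalt' is a hypothetical key holding the old application's salt.
    protected $_defaultConfig = [
        'legacySalt' => '',
        'hashOptions' => ['cost' => 12],
    ];

    // New and changed passwords always get a slow, per-user salted hash.
    public function hash($password)
    {
        return password_hash($password, PASSWORD_DEFAULT, $this->_config['hashOptions']);
    }

    // Verify against whichever scheme produced the stored value.
    public function check($password, $hashedPassword)
    {
        if ($this->_isLegacy($hashedPassword)) {
            // Assumed legacy format: sha1(salt . password), hex encoded.
            $expected = sha1($this->_config['legacySalt'] . $password);
            // hash_equals() compares in constant time.
            return hash_equals($hashedPassword, $expected);
        }
        return password_verify($password, $hashedPassword);
    }

    // True for legacy rows and for hashes made with outdated options,
    // so the login action knows to re-hash and save the password.
    public function needsRehash($password)
    {
        if ($this->_isLegacy($password)) {
            return true;
        }
        return password_needs_rehash($password, PASSWORD_DEFAULT, $this->_config['hashOptions']);
    }

    // A bare 40-character hex string can only be an old SHA-1 value.
    protected function _isLegacy($hash)
    {
        return (bool)preg_match('/^[0-9a-f]{40}$/', (string)$hash);
    }
}
```

After a successful login, `$this->Auth->authenticationProvider()->needsPasswordRehash()` reports whether the stored value should be replaced with the output of `hash()`.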