TIP: Use Markdown or, <pre> for multi line code blocks / <code> for inline code.
These forums are read-only and for archival purposes only!
Please join our new forums at discourse.kohanaframework.org
Crypt instead of Hash
  • What do you guys think of changing the Auth file driver from using hash_hmac to use crypt. PHP offers full support for algorithms available to crypt, even if the underlying OS does not. That alone is a good reason for me, but I believe crypt also supports more algorithms, in particular Blowfish.

    Here is an example of a new hashing method that would use crypt instead of hash_hmac

    /** * Hashes password using PHP crypt and salt from auth config * * @param string string to hash * @param string additional salt string * @return string */ public function hash($str, $hash_key=NULL) { if ( ! $this->_config['salt']) throw new Kohana_Exception('A valid salt must be set in your auth config.');

        $encrypted = crypt($str, $this->_config['salt'] . $hash_key);
    
        if ( ! $encrypted)
            throw new Kohana_Exception('Failed to generate valid hash.');
    
        return $encrypted;
    }
    

  • Have a look at, andsearch this forum for, shadowhand/bonafide

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion