What do you guys think of changing the Auth file driver from using hash_hmac to use crypt? PHP offers full support for algorithms available to crypt, even if the underlying OS does not. That alone is a good reason for me, but I believe crypt also supports more algorithms, in particular Blowfish.
Here is an example of a new hashing method that would use crypt instead of hash_hmac:
    /**
     * Hashes password using PHP crypt and salt from auth config
     *
     * @param   string  string to hash
     * @param   string  additional salt string
     * @return  string
     */
    public function hash($str, $hash_key = NULL)
    {
        if ( ! $this->_config['salt'])
            throw new Kohana_Exception('A valid salt must be set in your auth config.');

        // The salt string selects the algorithm; $hash_key is appended to it
        $encrypted = crypt($str, $this->_config['salt'] . $hash_key);

        // On failure crypt() returns a string shorter than 13 characters
        // (e.g. "*0"), which is not falsy, so check the length as well
        if ( ! $encrypted OR strlen($encrypted) < 13)
            throw new Kohana_Exception('Failed to generate valid hash.');

        return $encrypted;
    }
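An added example (not part of the original post and not Kohana code) of crypt() with Blowfish using a random salt per password, compared with the single config salt proposed above. It assumes PHP 7+ for random_bytes(); the function names and sample values are hypothetical.

```php
<?php
// Added example: hypothetical helper names, constructed sample values.

// Build a Blowfish setting: "$2y$" + two-digit cost + "$" + 22 salt characters.
function bcrypt_setting(int $cost = 10): string
{
    // 16 random bytes -> base64; map '+' to '.' to fit crypt's [./0-9A-Za-z] alphabet
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $salt);
}

function hash_password(string $password, int $cost = 10): string
{
    $hash = crypt($password, bcrypt_setting($cost));
    // crypt() reports failure with a short string such as "*0", not FALSE;
    // a valid bcrypt hash is always 60 characters long
    if (strlen($hash) !== 60) {
        throw new RuntimeException('Failed to generate valid hash.');
    }
    return $hash;
}

function verify_password(string $password, string $stored): bool
{
    // The stored hash starts with its own setting string, so it can be passed
    // back as the salt argument; hash_equals() compares in constant time
    return hash_equals($stored, crypt($password, $stored));
}

// One fixed salt taken from config, as in the posted hash() method (constructed value).
$config_salt = '$2y$10$abcdefghijklmnopqrstuv';

// When the config salt is already a complete bcrypt setting, crypt() reads only
// the 22 salt characters after the cost, so the appended $hash_key has no effect
// and every user with the same password gets the same hash.
$alice = crypt('correct horse', $config_salt . 'alice');
$bob   = crypt('correct horse', $config_salt . 'bob');
var_dump($alice === $bob);

// With a fresh random salt per call, the same password hashes differently each
// time, and each stored hash still verifies on its own.
$h1 = hash_password('correct horse');
$h2 = hash_password('correct horse');
var_dump($h1 === $h2);
var_dump(verify_password('correct horse', $h1));
var_dump(verify_password('wrong guess', $h1));
```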
Have a look at, and search this forum for, shadowhand/bonafide.