17487 Posts in 4473 Topics by 1978 members
|Go to End|
30 April 2008 at 4:34pm Last edited: 30 April 2008 6:08pm
I'm trying to migrate a site from a CMS that uses straight SHA1 encryption - but can't get my SS site to encrypt in SHA1 only.
I have set the following lines in sapphire/_config.php
and also set the current values in Security.php
protected static $encryptPasswords = true;
protected static $encryptionAlgorithm = 'sha1';
protected static $useSalt = false;
however the site is not using straight SHA1. The salt column in the db is now NULL but it's still a strange encryption that won't match the old user passwords which are all sha1.
Any ideas where i'm going wrong?
9 May 2008 at 9:24am
The encrypted password is then packed into a base 36 number (0-9 then A-Z). I wouldn't have necessary built it this way, but it's difficult to change now without breaking everyone's sites.
// Convert the base of the hexadecimal password to 36 to make it shorter
// In that way we can store also a SHA256 encrypted password in just 64
$password = substr(base_convert($password, 16, 36), 0, 64);
Perhaps we could add additional encryption types to the Password encryption column, like sha1-unpacked, which would skip this procedure? Using a string-suffix like this would require fewer API changes than adding a 3rd encryption parameter.
9 May 2008 at 11:06am
Thanks for pointing that out Sam, my problem is now solved!
|Go to Top|