Setting Security to use sha1 but no salt.

30 April 2008 at 4:34pm Last edited: 30 April 2008 6:08pm
Hey,
I'm trying to migrate a site from a CMS that uses straight SHA1 encryption - but can't get my SS site to encrypt in SHA1 only.
I have set the following lines in sapphire/_config.php
Security::encrypt_passwords(true);
Security::set_password_encryption_algorithm('sha1', false);
and also set the current values in Security.php
protected static $encryptPasswords = true;
protected static $encryptionAlgorithm = 'sha1';
protected static $useSalt = false;
however the site is not using straight SHA1. The salt column in the db is now NULL but it's still a strange encryption that won't match the old user passwords which are all sha1.
SS 2.2.1
Any ideas where I'm going wrong?
Cheers,
Josh
-
Re: Setting Security to use sha1 but no salt.

9 May 2008 at 9:24am
The encrypted password is then packed into a base 36 number (0-9 then A-Z). I wouldn't have necessarily built it this way, but it's difficult to change now without breaking everyone's sites.
// Convert the base of the hexadecimal password to 36 to make it shorter
// In that way we can store also a SHA256 encrypted password in just 64
// letters.
$password = substr(base_convert($password, 16, 36), 0, 64);
Perhaps we could add additional encryption types to the Password encryption column, like sha1-unpacked, which would skip this procedure? Using a string-suffix like this would require fewer API changes than adding a 3rd encryption parameter.
-
Re: Setting Security to use sha1 but no salt.

9 May 2008 at 11:06am
Thanks for pointing that out Sam, my problem is now solved!
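
Added example (not part of the thread and not SilverStripe's own code): converting legacy unsalted SHA1 hex digests to the packed form described in the 9 May reply, using the same expression quoted there, and checking a login against the packed value. The function names and sample rows are hypothetical; base_convert() is documented to lose precision on large numbers, so the packing is done with base_convert() itself rather than a separate big-number routine.

```php
<?php
// Added example. Function names and sample data are hypothetical.

/**
 * Pack a hexadecimal digest with the expression quoted in the reply.
 * base_convert() loses precision on large numbers, so the stored value
 * has to come from base_convert() itself to match what the CMS writes.
 */
function pack_digest(string $hexDigest): string
{
    return substr(base_convert($hexDigest, 16, 36), 0, 64);
}

/**
 * Convert one legacy unsalted SHA1 hex digest to the packed form.
 * Returns null for anything that is not 40 hex characters, so malformed
 * rows are reported instead of being imported silently.
 */
function convert_legacy_sha1(string $legacy): ?string
{
    $legacy = strtolower(trim($legacy));
    if (strlen($legacy) !== 40 || !ctype_xdigit($legacy)) {
        return null;
    }
    return pack_digest($legacy);
}

/** Check a login attempt against a packed, unsalted SHA1 value. */
function verify_packed_sha1(string $plaintext, string $stored): bool
{
    // hash_equals() compares without leaking timing information.
    return hash_equals($stored, pack_digest(sha1($plaintext)));
}

// Constructed sample rows (email => legacy digest from the old CMS).
$legacyRows = [
    'alice@example.com' => sha1('constructed-sample-1'),
    'bob@example.com'   => 'not-a-sha1-digest',
];

foreach ($legacyRows as $email => $digest) {
    $packed = convert_legacy_sha1($digest);
    echo $email, ': ', $packed ?? 'SKIPPED (not a SHA1 hex digest)', PHP_EOL;
}

$stored = convert_legacy_sha1($legacyRows['alice@example.com']);
var_dump(verify_packed_sha1('constructed-sample-1', $stored));
```

Because the conversion loses precision, the packed value cannot be turned back into the original digest, so keep the legacy digests until the imported logins have been verified.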