Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

How to change password encryption/decryption algorithm


Reply


2 Posts   1973 Views

Avatar
MartinElkjær

Community Member, 2 Posts

7 September 2010 at 8:57am

Edited: 08/09/2010 12:36am

Hi,

I'm migrating a lot of users (2200+) to SS from another system. The passwords for all the users are encrypted using the Blowfish algorithm (using java and BCrypt )

My question is: How can I tell SS to use this algorithm ??
I've been looking at the _config.php in sapphire and my gues is that I need to register at new password encryptor with "PasswordEncryptor::register" ??

Any help ?

Best Regards,
Martin

Avatar
Pigeon

Community Member, 243 Posts

7 September 2010 at 9:33am

Edited: 08/09/2010 12:36am

Great question!

This page can help with regards to the basic concept, but to understand how to use your own custom encryption requires digging a bit deeper into how SilverStripe works.

First, you need to start by creating your "encryptor" class in mysite/code/. See the [url=http://svn.silverstripe.com/open/modules/sapphire/trunk/security/PasswordEncryptor.php]in-built password encryptor[/url] for SS to give you a base to work from. You want to create a class like so:

class MyEncryptor extends PasswordEncryptor {
..
}

You should be able to define your encryption algorithm in there.

You then need to register your encryptor and then assign it to be used. Something like this in your mysite/_config.php:

...
PasswordEncryptor::register('blowfish','MyEncryptor');
Security::set_password_encryption_algorithm('blowfish');
...

Then you should be good to go!

Hope that helps you out.