Re: converting site/password(salt) conversion

Hi,

you would need to implement a password logic that prepends/appends (you
would need to check with the supplier how the salt was applied and which
hash algorithm was used, md5, sha1, etc...) the salt to the user
password input and check the resulting hash with the hash in the
database. I don't know if the salt is the same for all the passwords or
if the salt is changing per db row. If the latter is the case, you would
need to implement a new hash method:

http://book.cakephp.org/view/1254/Change-Hash-Function

Basically your algorithm would be:

- If the user is found, get the salt and apply the salt to the
unencrypted password (prepend or append).
- Hash the resulting string with the used hash algorithm.
- Check if the hash matches the one in the db.

Kind regards
Thomas

Am 21.09.2011 02:53, schrieb Seth:
> Hi,
> A client purchased data, but wasn't allowed to have the code. The
> user table has an encrypted password and a salt column. I started my
> site using AuthComponent, where it's just one password field, docs say
> "Cake appends your password string to a salt value and then hashes
> it".
>
> So is there a way to merge the fields and import into my database?
>
> Thanks
>

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.

To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php