in rc3 i've big problem witch auth component ;<
On 12 Paź, 19:00, "Bernhard J. M. Grün"
<[EMAIL PROTECTED]> wrote:
> Hi!
>
> Thanks for your response.
> I already know that Security::hash() is used to generate the hash. But the
> problem is that the hash is insecure (for passwords) in my eyes. Th
Hi!
Thanks for your response.
I already know that Security::hash() is used to generate the hash. But the
problem is that the hash is insecure (for passwords) in my eyes. The reason
is that two passwords encrypt to the same hash (given the secret salt is the
same which is the case).
-- Bernhard J.
http://api.cakephp.org/class_auth_component.html#216d4deefcd62ffeac5d9334b9cc2614
On Oct 11, 5:24 am, "Bernhard J. M. Grün"
<[EMAIL PROTECTED]> wrote:
> Hi!
>
> Is it correct that the passwords created with the help of the AuthComponent
> are not public hashed (i.e. only secret hashed)? At least
Hi!
Is it correct that the passwords created with the help of the AuthComponent
are not public hashed (i.e. only secret hashed)? At least in my test app it
seems to be like that.
If so this is a major security hole.
Example:
User Alice has password "test": 2dd357c503a6812e276096a306cca02852cc1e4f