CakePHP hashed passwords in Codeigniter
#1

[eluser]brettyates[/eluser]
I recreated a CakePHP app in Codeigniter and have a database full of login passwords I'm trying to mimic.

Cake hash line looks like this:

Code:
Security::hash('password', 'sha1', true);

Cake salt line:

Code:
/**
* A random string used in security hashing methods.
*/
Configure::write('Security.salt', 'xxxxxxxxxxxxxxxx'); // actual salt is 33 characters

/**
* A random numeric string (digits only) used to encrypt/decrypt strings.
*/
Configure::write('Security.cipherSeed', '32185858124818979731547474'); // not sure if it's using this

I tried the method here: http://www.haughin.com/2008/02/handling-...deigniter/

That didn't seem to do the trick. I don't want to decrypt them, just create the same hash so I don't have to ask a bunch of users to change their password.

Thanks!
#2

[eluser]InsiteFX[/eluser]
Hashing using sha1 is one way so your users would have to change their passwords.

Unless you can get the hash key and salt key from Cake there's nothing you can do!

Use the cipher key for the CI config encryption key and then try the sha-1.

Try this:
Code:
// -----------------------------------------------------------------------

/**
  * hash_salt()
  *
  * Hashes the users password with SHA1 and the 32-bit encryption key.
  *
  * NOTE: Do not change the encryption Key once it is set or you will be
  *       Asking for trouble! Like not being able to login again!
  *
  * @access public
  * @param string - $password
  * @return mixed - the 32 char encrypted password
  */
public function hash_salt($password)
{
  return hash('SHA1', $password . $this->CI->config->item('encryption_key'));
}

Set the ./application/config/config.php - config key encryption to '32185858124818979731547474'

If this is in your Auth library then you will need to get the CI super object.
#3

[eluser]brettyates[/eluser]
Thanks for the reply. I think that is essentially what I tried from here:

http://www.haughin.com/2008/02/handling-...deigniter/

I dove into the Cake Security component a little more and found the hash function:

Code:
function hash($string, $type = null, $salt = false) {
  $_this =& Security::getInstance();

  if ($salt) {
   if (is_string($salt)) {
    $string = $salt . $string;
   } else {
    $string = Configure::read('Security.salt') . $string;
   }
  }

  if (empty($type)) {
   $type = $_this->hashType;
  }
  $type = strtolower($type);

  if ($type == 'sha1' || $type == null) {
   if (function_exists('sha1')) {
    $return = sha1($string);
    return $return;
   }
   $type = 'sha256';
  }

  if ($type == 'sha256' && function_exists('mhash')) {
   return bin2hex(mhash(MHASH_SHA256, $string));
  }

  if (function_exists('hash')) {
   return hash($type, $string);
  }
  return md5($string);
}

Looks like it runs a few more functions on it after the initial hash. I think I just need to recreate this and I should be good. Don't have a chance to now but will try a bit later and update the thread.

Thanks!
#4

[eluser]Aken[/eluser]
Based on the example use and that function, all it does is add the salt to the start of the string, and then pass it through the sha1() function. Should be very easy to recreate.
#5

[eluser]brettyates[/eluser]
Turns out I was putting the salt at the end of the string instead of the beginning. Also didn't notice the return in the middle of that function. It's working now.

Thanks for your help!
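
The fix described in this thread (salt prepended, then sha1()), as an added example that is not part of any poster's code or of CakePHP/CodeIgniter. It goes one step further than the thread by comparing in constant time and re-hashing with password_hash() on a successful login; the function names and the salt placeholder are hypothetical.

```php
<?php
// Added example: all names below are hypothetical, not CakePHP or CodeIgniter APIs.

// Placeholder: use the Security.salt value from the old Cake app's config.
const LEGACY_CAKE_SALT = 'REPLACE_WITH_SECURITY_SALT';

/** Same result as Security::hash($password, 'sha1', true): sha1(salt . password). */
function cake_sha1_hash(string $password, string $salt = LEGACY_CAKE_SALT): string
{
    return sha1($salt . $password);
}

/**
 * Check a login against a stored value that is either a legacy Cake SHA-1 hex
 * digest or a password_hash() string. Returns [bool $ok, ?string $newHash];
 * $newHash is non-null when the stored value should be replaced with it.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    // 40 lowercase hex characters: legacy Cake SHA-1 digest.
    if (preg_match('/^[0-9a-f]{40}$/', $stored) === 1) {
        // hash_equals() compares in constant time.
        if (!hash_equals($stored, cake_sha1_hash($password))) {
            return [false, null];
        }
        // Correct password: re-hash with a slow, per-user salted algorithm.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT) : null;
    return [true, $new];
}

// Constructed sample data: a made-up password hashed the way the old app did.
$stored = cake_sha1_hash('correct horse');
[$ok, $upgraded] = verify_and_upgrade('correct horse', $stored);
var_dump($ok, $upgraded !== null);   // legacy hash accepted, new hash issued
[$rejected] = verify_and_upgrade('wrong guess', $stored);
var_dump($rejected);                 // wrong password against the legacy hash
[$okAgain, $rehash] = verify_and_upgrade('correct horse', $upgraded);
var_dump($okAgain, $rehash);         // upgraded hash verifies, nothing to replace
```

Store `$newHash` back to the user's row when it is non-null, so existing users keep their passwords while the SHA-1 digests are phased out login by login.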
#6

[eluser]Samus[/eluser]
Booo cake!



