Using CakePHP's password hashing in android .apk


#1

Hello fellow bakers,

We’re currently developing an Android app that relies on a database in which are stored username and passwords hashed by a CakePHP website.

Ultimately, our app user is going to use the username and password to log onto the app and be able to access its features.

So far, any tries have been met with utter defeat. We can’t get the app’s password input to match the CakePHP encrypted values on the database.

Is there any ways, and I believe there is, to duplicate the CakePHP password verification so the hash, salt, whatever, matches the app input and allows our users to log on.

Have a nice day.


#3

Hi,

Internally Cake uses the php password_hash function so you can go over the documentation and figure out what you need to replicate. However it s kind of a moving target since algos are prone to be upgraded over time.

What I would do is expose an API form the webapp for password checking or at least a raw php command line script that would return the correct hash for a given string password.

Cosmin