About DefaultPasswordHasher

fx20318 · January 31, 2018, 3:17pm

The character string of the execution result of DefaultPasswordHasher always has the following character string at the beginning. ("$ 2y $ 10 $")
Is this a security problem?
(Does the hash method are inferred from this character string?)

rrd · January 31, 2018, 5:00pm

No, that is the normal behaviour.

raul338 · February 1, 2018, 1:34am

Its part of bcrypt

fx20318 · February 1, 2018, 11:13am

Thank you for your reply.
I would like to ask you additional questions, do you normally store the results in the database as is, or do you store them after deleting the first character string ("$ 2y $ 10 $")?
When deleting, Auth-> identify () will result in an error, but how can we handle it?

raul338 · February 1, 2018, 3:13pm

I save the hash as is

Topic		Replies	Views
How to implement password reset in CakePHP	1	3290	May 20, 2019
Compare Old Password from auth to entered password Need Help	5	1157	April 3, 2019
[Migrations] How to hash passwords in seeds	1	2340	April 2, 2023
Transparancy to understand functioning of function [patchEntity & hashed password] Need Help behavior	4	522	April 14, 2020
Authentication (3.9) after updating user password (hardcoded value ), login fails Need Help help	4	522	December 10, 2020

About DefaultPasswordHasher

Releases

Documentation

Community

About DefaultPasswordHasher

Related topics

Releases

Documentation

Community