The problem is that if you want to use bcrypt ( http://codahale.com/how-to-safely-store-a-password/ ), the returned value is always different.
bcrypt works with 2 functions:

1) bcrypt_hash($new_password); and
2) bcrypt_check($entered_password, $password_in_DB);

Cake auth module has the assumption that the authentication will be made through a hash. You can find this pattern multiple times in the code:

    $password_in_db = hashPassword($entered_password)

In order to make bcrypt work, you need to have

    create_password($p)
    verify_password($pDB, $p)

In case you do not believe http://codahale.com/how-to-safely-store-a-password/ and you still want to use a hash, you can use:

    function create_password($p) { return sha1($p); }

and

    function verify_password($pDB, $p) { return $pDB === sha1($p); }

But you can also use bcrypt with:

    function create_password($p) { return bcrypt_hash($p); }

and

    // argument order follows bcrypt_check($entered_password, $password_in_DB)
    function verify_password($pDB, $p) { return bcrypt_check($p, $pDB); }

Nowadays, normal hash functions like SHA1 are good for sessions and caching but not for storing passwords. Doing that is pretty much equivalent to having passwords in clear on the DB.

See https://gist.github.com/1053158/8ac0096f196a8463c8211a5dbbbf2a911d0e5341 for a nice snippet on how to migrate from normal hash to bcrypt.

Best,
Chris

On Mon, Sep 12, 2011 at 3:37 PM, Everton Yoshitani <[email protected]> wrote:

> If you are using Auth component you could do it this way:
>
> http://book.cakephp.org/view/1254/Change-Hash-Function
>
> Hope it helps.
>
> On Tue, Sep 13, 2011 at 6:43 AM, chaitanya mutyala
> <[email protected]> wrote:
> > Hello,
> >
> > Can someone suggest the best way to override the core 'hash' function
> > ( /lib/cake/Utility/Security.php ) without touching any of the core
> > files? I want to write my own custom hash function.
> >
> > Thanks,
> > Chaitanya
> >
> > --
> > Our newest site for the community: CakePHP Video Tutorials
> > http://tv.cakephp.org
> > Check out the new CakePHP Questions site http://ask.cakephp.org and help
> > others with their CakePHP related questions.
> >
> > To unsubscribe from this group, send email to
> > [email protected] For more options, visit this group
> > at http://groups.google.com/group/cake-php
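
The create/verify split described in the message above, with an upgrade-on-login path for legacy SHA1 rows, as an added example that is not part of the original thread, the linked gist, or CakePHP. It assumes PHP 7.1+ and uses PHP's built-in password_hash()/password_verify() in place of the message's bcrypt_hash()/bcrypt_check(); the cost of 12, the helper is_legacy_sha1() and the sample password are constructed for illustration.

```php
<?php
// Added example: function names and sample data are assumptions, not CakePHP APIs.

// Create a bcrypt hash; a fresh random salt is embedded in the output string.
function create_password(string $plain): string
{
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => 12]);
}

// True when $stored looks like a legacy unsalted SHA-1 hex digest (40 hex chars).
function is_legacy_sha1(string $stored): bool
{
    return (bool) preg_match('/^[0-9a-f]{40}$/', $stored);
}

// Verify a login attempt. Returns [ok, replacement hash to persist or null].
function verify_password(string $stored, string $plain): array
{
    if (is_legacy_sha1($stored)) {
        // Legacy path: constant-time compare, then upgrade to bcrypt on success.
        $ok = hash_equals($stored, sha1($plain));
        return [$ok, $ok ? create_password($plain) : null];
    }
    $ok = password_verify($plain, $stored);
    // Re-hash when the stored bcrypt hash was made with a different cost.
    $stale = $ok && password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => 12]);
    return [$ok, $stale ? create_password($plain) : null];
}

// Constructed sample data.
$plain = 'correct horse battery staple';

// Hash-and-compare cannot work: two bcrypt hashes of one password differ.
var_dump(create_password($plain) === create_password($plain));

// A legacy SHA-1 row is accepted once and replaced with a bcrypt hash.
$row = ['password' => sha1($plain)];
[$ok, $new] = verify_password($row['password'], $plain);
if ($ok && $new !== null) {
    $row['password'] = $new; // persist this value in the users table
}
var_dump($ok, is_legacy_sha1($row['password']));

// Later logins take the bcrypt path; a wrong password is rejected.
var_dump(verify_password($row['password'], $plain)[0]);
var_dump(verify_password($row['password'], 'wrong guess')[0]);
```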
