Ok so this ended up being a classic facepalm moment. I downloaded cake versions all the way back to 1.1 and the method does indeed not change (at least not in how it hashes the input string), so no need for anxiety :) while the salt value was the same in the live and dev setup the live setup was reversing the salt in the config. Trust me, when your not expecting that it's real easy to look at the two strings and conclude they are the same and never notice the strrev()
Thanks for all the suggestions! On Dec 8, 2:41 pm, Ryan Schmidt <[email protected]> wrote: > Please let us know what you find; if CakePHP is going to offer a > password-hashing function, it seems of paramount importance to me that it > never change, so if it has, I certainly want to know that. > > On Dec 8, 2010, at 06:18, Tijs wrote: > > > > > Thanks for the suggestion. the salt value is indeed the same in my > > development and live environment. I tried changing the hash method > > using Security:setHash() but have not found a method that creates the > > same hash i have stored in my db. So the next step is indeed to dive > > into the Auth implementation and see if i can find any differences > > (which i hoped to avoid). Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
