Skip to content
Permalink
Browse files

Improve Blowfish Docblocks

  • Loading branch information...
sitedyno committed Nov 11, 2012
1 parent e0aab77 commit 895fcac0cd2c942f5197027df74fcde949bf6151
Showing with 26 additions and 10 deletions.
  1. +4 −1 lib/Cake/Controller/Component/Auth/BlowfishAuthenticate.php
  2. +22 −9 lib/Cake/Utility/Security.php
@@ -28,7 +28,10 @@
* }}}
*
* When configuring BlowfishAuthenticate you can pass in settings to which fields, model and additional conditions
* are used. See BlowfishAuthenticate::$settings for more information.
* are used. See FormAuthenticate::$settings for more information.
*
* For inital password hashing/creation see Security::hash(). Other than how the password is initally hashed,
* BlowfishAuthenticate works exactly the same way as FormAuthenticate.
*
* @package Cake.Controller.Component.Auth
* @since CakePHP(tm) v 2.3
@@ -78,14 +78,26 @@ public static function validateAuthKey($authKey) {
}
/**
* Create a hash from string using given method.
* Fallback on next available method.
* If you are using blowfish, for comparisons simply pass the originally hashed
* string as the salt (the salt is prepended to the hash and php handles the
* parsing automagically. Do NOT use a constant salt for blowfish.
* Create a hash from string using given method or fallback on next available method.
*
* #### Using Blowfish
*
* - Creating Hashes: *Do not supply a salt*. Cake handles salt creation for
* you ensuring that each hashed password will have a *unique* salt.
* - Comparing Hashes: Simply pass the originally hashed password as the salt.
* The salt is prepended to the hash and php handles the parsing automagically.
* For convenience the BlowfishAuthenticate adapter is available for use with
* the AuthComponent.
* - Do NOT use a constant salt for blowfish!
*
* Creating a blowfish/bcrypt hash:
*
* {{{
* $hash = Security::hash($password, 'blowfish');
* }}}
*
* @param string $string String to hash
* @param string $type Method to use (sha1/sha256/md5)
* @param string $type Method to use (sha1/sha256/md5/blowfish)
* @param mixed $salt If true, automatically appends the application's salt
* value to $string (Security.salt). If you are using blowfish the salt
* must be false or a previously generated salt.
@@ -222,7 +234,7 @@ public static function rijndael($text, $key, $operation) {
* @param integer $length The length of the returned salt
* @return string The generated salt
*/
public static function salt($length = 22) {
protected static function _salt($length = 22) {
$salt = str_replace(
array('+', '='),
'.',
@@ -232,14 +244,15 @@ public static function salt($length = 22) {
}
/**
* One way encryption using php's crypt() function, used with type blowfish in ``Security::hash()``
* One way encryption using php's crypt() function. To use blowfish hashing see ``Security::hash()``
*
* @param string $password The string to be encrypted.
* @param mixed $salt false to generate a new salt or an existing salt.
* @return string The hashed string or an empty string on error.
*/
protected static function _crypt($password, $salt = false) {
if ($salt === false) {
$salt = self::salt(22);
$salt = self::_salt(22);
$salt = vsprintf('$2a$%02d$%s', array(self::$hashCost, $salt));
}

0 comments on commit 895fcac

Please sign in to comment.
You can’t perform that action at this time.