Permalink
Browse files

MINOR: Fix style according to style guidelines, and add a comment abo…

…ut use of "$2y" instead of "$2a"
  • Loading branch information...
andrewandante committed May 2, 2012
1 parent fa60f9e commit a2e9c001d76bc82d788fbdd9cc346110fdf6c7b6
Showing with 7 additions and 1 deletion.
  1. +7 −1 security/PasswordEncryptor.php
@@ -134,12 +134,18 @@ class PasswordEncryptor_Blowfish extends PasswordEncryptor {
protected static $cost = 10;
function encrypt($password, $salt = null, $member = null) {
+ // We use $2y$ here instead of $2a$ - in PHP < 5.3.7, passwords
+ // with non-ascii characters will use a flawed version of the blowfish
+ // algorithm when specified with $2a$. $2y$ specifies non-flawed version
+ // in all cases.
+ // See https://bugs.php.net/bug.php?id=55477&edit=1
$method_and_salt = '$2y$' . $salt;
$encrypted_password = crypt($password, $method_and_salt);
// We *never* want to generate blank passwords. If something
// goes wrong, throw an exception.
- if(strpos($encrypted_password, $method_and_salt) === false)
+ if(strpos($encrypted_password, $method_and_salt) === false) {
throw new PasswordEncryptor_EncryptionFailed('Blowfish password encryption failed.');
+ }
// Remove the method and salt from the password, as the salt
// is stored in a separate column.

0 comments on commit a2e9c00

Please sign in to comment.