Store Password In Database Crypted And Use It In PHP?


Blesta Addons

One of the best things in Blesta v3 is the way they manage the crypted fields (passwords).

Storing a field with MD5 or other hashing systems/algorithms is useful, but Blesta can retrieve the crypted passwords and use them in the system as plain text again transparently. I love this way ...

What I want to ask now: how does Blesta do this?

Does Blesta use a function to decrypt the passwords/crypted fields and another function to decode/decrypt the password? I believe they cannot decode the MD5 password, so I suppose that they use their own encryption/decryption system.

Can the Blesta devs share some tips or a way to achieve this? Or is it a secret of the work :) !!


Blesta uses different encryption and hashing algorithms for different purposes. Admin and client passwords are stored using bcrypt, computed from an HMAC-SHA-256 hash of the password. This is a one-way algorithm that is extremely difficult to brute force. User passwords are not reversible.

Modules can store some or all of their meta data encrypted, and encryption is used throughout the system to securely store data that can be decrypted like credit card numbers, service meta data and more. I believe this is done through AES, and in the case of credit cards additionally an RSA public/private key pair.

Cody can elaborate more on all of this and correct any errors in what I just said. :)


Nothing else to say.

http://source-docs.blesta.com/class-AppModel.html#_systemEncrypt

http://source-docs.blesta.com/class-AppModel.html#_systemDecrypt

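The two storage models described in the replies above, side by side, as an added example (not Blesta's code and not written by any poster): a one-way bcrypt hash over an HMAC-SHA-256 of the password, and reversible AES for fields the system must read back. The function names, the HMAC key, the bcrypt cost and the choice of AES-256-GCM are assumptions; the thread names only bcrypt, HMAC-SHA-256 and AES.

```php
<?php
declare(strict_types=1);

// One-way: bcrypt over an HMAC-SHA-256 of the password, as the thread describes.
// The hex HMAC is 64 bytes: under bcrypt's 72-byte input limit, no NUL bytes.
function hashPassword(string $password, string $hmacKey): string // hypothetical name
{
    $mac = hash_hmac('sha256', $password, $hmacKey);
    return password_hash($mac, PASSWORD_BCRYPT, ['cost' => 12]);
}

function verifyPassword(string $password, string $hmacKey, string $stored): bool
{
    return password_verify(hash_hmac('sha256', $password, $hmacKey), $stored);
}

// Reversible: AES for fields that must be decrypted later (e.g. module credentials).
// AES-256-GCM is an assumption; the thread only says "AES".
function encryptField(string $plain, string $key): string // hypothetical name
{
    $iv = random_bytes(12); // fresh nonce for every encryption
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct); // nonce and tag are stored with the ciphertext
}

function decryptField(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) { // 12-byte nonce + 16-byte tag
        throw new RuntimeException('malformed ciphertext');
    }
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plain === false) {
        throw new RuntimeException('authentication failed: wrong key or tampered data');
    }
    return $plain;
}

// Constructed sample keys; real keys live in configuration, not in the database.
$hmacKey = random_bytes(32);
$aesKey  = random_bytes(32);
$stored  = hashPassword('correct horse', $hmacKey);
var_dump(verifyPassword('correct horse', $hmacKey, $stored), verifyPassword('wrong', $hmacKey, $stored));
$blob = encryptField('module-api-secret', $aesKey);
var_dump(decryptField($blob, $aesKey) === 'module-api-secret');
```

The hashed value can only be checked against a candidate password, while the encrypted field is recoverable by anyone holding the AES key, so the key must be protected separately from the database rows.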
