Blesta Addons Posted September 11, 2013 Report Posted September 11, 2013 one of the best thing in blesta v3 , is the way they manage the crypted field (passwords) . storing field with the MD5 or other Hashing systems/algorithmes is usefful , but blesta can retrieve the crypted password and use them in the système as plain text again transparency . i love this way ... what i want to ask now , how blesta do this ? blesta use a function to decrypt the passwords/crypted fields and other function to decode/decrypt the password ? i beleive they can not decode the MD5 password, so i supposed that they use it own cyption/decryption systèm . can the blesta dev share some tips or way to achieve this ? or is a secret of the work !!
Blesta Addons Posted September 11, 2013 Author Report Posted September 11, 2013 i'm using the same function here , with some hange , i have the function placed in a decoded file (ioncube) http://coderzone.org/library/Easy-Password-Encryption-and-Decryption_1100.htm
Michael Posted September 11, 2013 Report Posted September 11, 2013 On 9/11/2013 at 2:17 AM, naja7host said: i'm using the same function here , with some hange , i have the function placed in a decoded file (ioncube) http://coderzone.org/library/Easy-Password-Encryption-and-Decryption_1100.htm I was guessing but I'm sure the devs will help you mate
Paul Posted September 11, 2013 Report Posted September 11, 2013 Blesta uses different encryption and hashing algorithms for different purposes. Admin and client passwords are stored using bcrypt, computed from an HMAC-SHA-256 hash of the password. This is a one way, algorithm that is extremely difficult to brute force. User passwords are not reversible. Modules can store some or all of their meta data encrypted, and encryption is used throughout the system to securely store data that can be decrypted like credit card numbers, service meta data and more. I believe this is done through AES, and in the case of credit cards additionally an RSA public/private key pair. Cody can elaborate more on all of this and correct any errors in what I just said. Michael 1
Cody Posted September 11, 2013 Report Posted September 11, 2013 On 9/11/2013 at 5:23 AM, Paul said: Blesta uses different encryption and hashing algorithms for different purposes. Admin and client passwords are stored using bcrypt, computed from an HMAC-SHA-256 hash of the password. This is a one way, algorithm that is extremely difficult to brute force. User passwords are not reversible. Modules can store some or all of their meta data encrypted, and encryption is used throughout the system to securely store data that can be decrypted like credit card numbers, service meta data and more. I believe this is done through AES, and in the case of credit cards additionally an RSA public/private key pair. Cody can elaborate more on all of this and correct any errors in what I just said. Nothing else to say. http://source-docs.blesta.com/class-AppModel.html#_systemEncrypt http://source-docs.blesta.com/class-AppModel.html#_systemDecrypt Michael 1
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now