
Store Password In Database Encrypted And Use It In PHP?



Posted

One of the best things in Blesta v3 is the way they manage the encrypted fields (passwords).

Storing fields with MD5 or other hashing systems/algorithms is useful, but Blesta can retrieve the encrypted passwords and use them in the system as plain text again, transparently. I love this way ...

What I want to ask now: how does Blesta do this?

Does Blesta use a function to decrypt the passwords/encrypted fields and another function to decode/decrypt the password? I believe they cannot decode the MD5 password, so I supposed that they use their own encryption/decryption system.

Can the Blesta devs share some tips or a way to achieve this? Or is it a secret of the work :) !!

 

 

Posted

Blesta uses different encryption and hashing algorithms for different purposes. Admin and client passwords are stored using bcrypt, computed from an HMAC-SHA-256 hash of the password. This is a one-way algorithm that is extremely difficult to brute force. User passwords are not reversible.

 

Modules can store some or all of their meta data encrypted, and encryption is used throughout the system to securely store data that can be decrypted like credit card numbers, service meta data and more. I believe this is done through AES, and in the case of credit cards additionally an RSA public/private key pair.

 

Cody can elaborate more on all of this and correct any errors in what I just said. :)

Posted
  On 9/11/2013 at 5:23 AM, Paul said:

Blesta uses different encryption and hashing algorithms for different purposes. Admin and client passwords are stored using bcrypt, computed from an HMAC-SHA-256 hash of the password. This is a one-way algorithm that is extremely difficult to brute force. User passwords are not reversible.

 

Modules can store some or all of their meta data encrypted, and encryption is used throughout the system to securely store data that can be decrypted like credit card numbers, service meta data and more. I believe this is done through AES, and in the case of credit cards additionally an RSA public/private key pair.

 

Cody can elaborate more on all of this and correct any errors in what I just said. :)

 

Nothing else to say.

 

http://source-docs.blesta.com/class-AppModel.html#_systemEncrypt

http://source-docs.blesta.com/class-AppModel.html#_systemDecrypt
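
The split described in the replies above (one-way bcrypt over an HMAC-SHA-256 pre-hash for login passwords, reversible AES for fields that must be read back) can be sketched as follows. This is an added example, not part of the thread and not Blesta's own code; the key variables, function names, AES-GCM mode and stored layout are assumptions made for illustration.

```php
<?php
// Added example, not Blesta's code. Keys are constructed for the demo; real
// keys belong in configuration outside the database.
$pepperKey = random_bytes(32); // hypothetical HMAC key for password pre-hashing
$dataKey   = random_bytes(32); // hypothetical AES-256 key for reversible fields

// One-way: HMAC-SHA-256, then bcrypt. hash_hmac() returns 64 hex characters,
// which fits bcrypt's 72-byte input limit and contains no NUL bytes.
function hashPassword(string $password, string $pepperKey): string
{
    $prehash = hash_hmac('sha256', $password, $pepperKey);
    return password_hash($prehash, PASSWORD_BCRYPT, ['cost' => 12]);
}

function verifyPassword(string $password, string $stored, string $pepperKey): bool
{
    return password_verify(hash_hmac('sha256', $password, $pepperKey), $stored);
}

// Reversible: AES-256-GCM (mode assumed), fresh 12-byte nonce per value.
// Stored layout (constructed here): base64(nonce || tag || ciphertext).
function encryptField(string $plaintext, string $dataKey): string
{
    $nonce = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $dataKey, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

function decryptField(string $stored, string $dataKey): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed ciphertext');
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $dataKey,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pt === false) { // wrong key or modified data
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

$hash = hashPassword('correct horse', $pepperKey);
var_dump(verifyPassword('correct horse', $hash, $pepperKey), verifyPassword('wrong', $hash, $pepperKey));
$stored = encryptField('module-api-secret', $dataKey);
var_dump($stored !== 'module-api-secret', decryptField($stored, $dataKey) === 'module-api-secret');
```

The password hash can only be verified, never read back, while the encrypted field is only as safe as the storage of `$dataKey`, which is why the two are kept separate.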
