
Magento Forum

Change encryption
 
supremekhaoz
Jr. Member
 
Total Posts:  1
Joined:  2011-09-02
 

I would like to change the encryption to bCrypt instead of weak md5, but for that I would need to change the whole encryption and store the hash, so I know how to do it, but which files in Magento do I need? I'm not sure about changing the encryption for normal users, since bcrypt is slow and that's why it's so secure :D, but where are the admin files?

 
 
jcuthbert
Jr. Member
 
Total Posts:  23
Joined:  2011-02-03
Manchester
 

I might be mistaken here, but I think the encryption that is used is throughout the entire site; there's no separation between admin and front for encryption purposes.

If memory serves me well, I think you will find it in one of the upper abstract classes so just track back the extensions of classes till you reach the Mage/Varien ones that cover it.

 
 
thebod
Moderator
 
Total Posts:  81
Joined:  2010-08-11
 

Hello,

you can change the way Magento encrypts data.
Take a look at Mage_Core_Helper_Data::getEncryptor() and at the Mage_Core_Model_Encryption model.

You can use the config (path: global/helpers/core/encryption_model) to specify another encryption mode.

A very easy way would be:
Create a new encryption model that extends Mage_Core_Model_Encryption. Overwrite the hash() function, for example:

    // Overrides Mage_Core_Model_Encryption::hash()
    public function hash($data) {
        return hash('sha512', $data);
    }

and then change the global/helpers/core/encryption_model config path to your model (for example 'mymodul/encryption').

But be careful! Once you have changed the hash function, every stored password is not usable anymore! So in fact you should change it before(!) you install Magento (or change the admin account password manually inside the database)!

I hope that helps!

Best, thebod
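
An added example, not part of the post above and not Magento's own code: because swapping the hash function makes every stored password unusable, one option is to accept the old hash once at login and replace it with bcrypt. It assumes the legacy value is stored as `md5(salt . password):salt`; the function names, the cost value and the sample row are hypothetical.

```php
<?php
// Added example, not Magento code: standalone functions showing a hash
// migration. The legacy "md5(salt . password):salt" layout is an assumption.

const BCRYPT_COST = 12; // constructed value; tune to your hardware

/** Create a new-style hash for storage (bcrypt only uses the first 72 bytes). */
function newHash(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

/** True when $stored is a bcrypt hash in crypt() format. */
function isBcrypt(string $stored): bool
{
    return password_get_info($stored)['algoName'] === 'bcrypt';
}

/** Check a legacy "hash" or "hash:salt" MD5 value in constant time. */
function verifyLegacy(string $password, string $stored): bool
{
    $parts = explode(':', $stored, 2);
    $salt  = $parts[1] ?? '';
    return hash_equals($parts[0], md5($salt . $password));
}

// Validate a login. Returns [valid, replacementHash]; replacementHash is
// non-null when the stored value should be overwritten with a bcrypt hash.
function validateAndUpgrade(string $password, string $stored): array
{
    if (isBcrypt($stored)) {
        if (!password_verify($password, $stored)) {
            return [false, null];
        }
        $stale = password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
        return [true, $stale ? newHash($password) : null];
    }
    // Legacy row: accept it once, then hand back a bcrypt hash to store.
    return verifyLegacy($password, $stored) ? [true, newHash($password)] : [false, null];
}

// Constructed sample row: legacy salted MD5 for the password "s3cret".
$legacy = md5('Xy' . 's3cret') . ':Xy';
[$ok, $upgraded] = validateAndUpgrade('s3cret', $legacy);
var_dump($ok, isBcrypt($upgraded));                 // legacy login, upgraded hash
var_dump(validateAndUpgrade('s3cret', $upgraded));  // bcrypt login, current cost
var_dump(validateAndUpgrade('wrong', $legacy)[0]);  // wrong password
```

Accounts that never log in again keep their MD5 value under this scheme, so a forced reset for those rows is still needed to retire the old format completely.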

 