[Catalyst] Migrate from SHA hashed passwords to Bcrypt crypted
passwords
Pavel Karoukin
hippich at gmail.com
Mon Jul 11 22:06:36 GMT 2011
On 07/11/2011 10:34 AM, Mark Blackman wrote:
>
>> 2) How I should update my application to have first check against new hashing algorithm and if password returns incorrect, try old one (SHA)? Should I do it through realms, or just check password in my authentication controller directly instead?
> I'd define two realms in your configuration for each password type and then attempt authentication against both realms.
>
How does realm work when saving user? Ideally, I would like to try
authenticate user against Bcrypt, if it fails - try SHA and if it
success - ask user to change password which will be saved in Bcrypt realm.
How I can instruct it to save new password as Bcrypt hash if user logged
in with SHA-hashed password?
Regards,
Pavel
More information about the Catalyst
mailing list