How did you configure the salt and your Weak password hasher? Please show the code in gist or here.
I can guarantee that passwords can be used from cake 2 in cake 3 because I've migrated a couple apps already. On Thursday, February 26, 2015 at 9:06:57 AM UTC+1, mcloide wrote: > > This is a scenario that is true to me and it is leading me to take the > decision to not upgrade to Cake3 at this moment. > > I have 2 applications and one has to communicate with another. One > application has been fully built with the latest stable version of cake 2 > and the new application, that is on legacy code, was going to be using cake > 3 so we could benefit of all of the new perks. Unfortunately with the > removal of the cipherseed and the cipher functions a password that was > generated in cake2 now can't be used in cake3. > > Example of password encryption results using CakePHP 2.6 and CakePHP 3 > > password = changeme > Salt and Cipherseed where kept the same among both versions. > > CakePHP 2.6 > HashClass = Simple > HashType = SHA256 > Encryption result = > *cb15d8050a3da1c302e62d27b57e128fb4aef8207b39cd17d44afb3838390c43* > > CakePHP 3 > HashClass = Weak > HashType = SHA256 > Encryption result = *c88333b093105e07acff5b19be6fbaf51e6482b1* > > I had asked this on twitter before and the response that I got was that > there would be backwards compatibility if you were using Simple password > hasher in CakePHP 2.6 and upgraded it to CakePHP 3 so I wouldn't need to > change all my users passwords through the database or force them to reset > their password. > > Based on the result above I don't see how I can use the same password > system from Cake 2 to Cake 3 and it also doesn't seem like it is using the > hashType set on config. > > Is there anything I'm missing here. Can anyone help? > > I need to decide really quick if I will move forth with Cake 3 or keep > development with Cake 2. > > Thanks in advance. > -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/d/optout.
