Help me understand encoder of symfony with md5 #42493
-
Hi, I am porting a symfony app to a node.JS with moleculer.JS app, The symfony application is using algorithm: MD5, but the password in db is always looking like "/nr1C+zfhk3C0sNR1WoVTw==" So, I don't get what is happening, can you please help me to understand the steps of encoding? |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 1 reply
-
Could you please post your |
Beta Was this translation helpful? Give feedback.
-
@CosmicSnow if I understood you right, you expected hashed passwords to be The reason is that Symfony doesn't simply perform a |
Beta Was this translation helpful? Give feedback.
-
Oh thank you very much for you both @javiereguiluz @romaricdrigon, I pretend to migrate the hash to bcrypt, but can't do it right now, I must make it compatible with both hashes for around two months, then we will fully migrate to bcrypt. and @romaricdrigon, unfortanely, the decision to use md5 wans't mine, it was from the last TI team working on the project, I know it's bad, and that's why we will migrate that hash type. Thank you! :) |
Beta Was this translation helpful? Give feedback.
@CosmicSnow if I understood you right, you expected hashed passwords to be
$hashed = md5($plainPassword)
but the actual value stored in the database is not that.The reason is that Symfony doesn't simply perform a
md5()
of the plain password. It concatenates some strings and iterates several times to produce the final hashed password. The actual algorithm can be found here:symfony/src/Symfony/Component/PasswordHasher/Hasher/MessageDigestPasswordHasher.php
Lines 51 to 70 in 488a46f