ElnurBlowfishPasswordEncoderBundle
, (*1)
Still using MD5 or SHA family hashing algorithms for password “encryption”?
If you are, read this and
that and then come back to
get yourself a copy of this bundle., (*2)
The [BCrypt password encoder][1] has been added to the Symfony core in 2.2 and has been improved to the level of this
bundle and beyond in 2.3. So, if you're using Symfony 2.3+, consider using the encoder from the core instead of this
bundle., (*3)
Installation
-
Add this to the composer.json:, (*4)
{
"require": {
"elnur/blowfish-password-encoder-bundle": "~0.5"
}
}
And run:, (*5)
php composer.phar update elnur/blowfish-password-encoder-bundle
-
Enable the bundle in app/AppKernel.php:, (*6)
public function registerBundles()
{
$bundles = array(
// ...
new Elnur\BlowfishPasswordEncoderBundle\ElnurBlowfishPasswordEncoderBundle(),
);
}
-
And, finally, set the encoder in app/config/security.yml:, (*7)
security:
encoders:
Symfony\Component\Security\Core\User\User:
id: security.encoder.blowfish
Configuration
By default the encoder uses a cost factor of 15, which is pretty reasonable,
but you can change it to a different value in the range of 4-31 by editing
the config.yml file:, (*8)
elnur_blowfish_password_encoder:
cost: 10
Each increment of the cost doubles the time it takes to encode a password., (*9)
You can change the cost factor at any time — even if you already have some
passwords encoded using a different cost factor. New passwords will be encoded
using the new cost factor, while the already encoded ones will be validated
using a cost factor that was used back when they were encoded., (*10)
Usage
A salt for each new password is generated automatically and need not be
persisted. Since an encoded password contains the salt used to encode it,
persisting the encoded password alone is enough., (*11)
All the encoded passwords are 60 characters long, so make sure to allocate
enough space for them to be persisted., (*12)
License
This bundle is under the MIT license. See the complete license in the bundle:, (*13)
Resources/meta/LICENSE
Acknowledgements
I thank asm89 for enlightening me by giving the
links you see above and answering my other related questions on the #symfony
channel., (*14)
And I thank dustin10 for suggesting to add the
extension class to make the bundle easier to install and configure., (*15)
Wallogit.com
