duongtn811's avatar

Encrypt MD5 replace bcrypt

Hi everybody, I have a task and must encrypt the login password with MD5. When I register, it succeeds. But when I log in, I check attempt() two times, one with bcrypt and one with MD5, and it always fails. Please help me! Here is the code where I check with MD5 in the login() function:

$user = User::whereEmail($credentials['email'])->wherePassword(md5($credentials['password']))->first();

    if($user){
        $user->save();
        //echo $user;die();
       
        return $this->sendLoginResponse($request);
    }
0 likes
5 replies
duongtn811's avatar

Hi #rsands, that is a requirement from my boss. Because we have a backend built with .NET, we must encrypt with MD5 to stay synchronized.

rsands's avatar

md5 definitely isn't the best choice for this. What does an encrypted password look like in the database?

Caprico's avatar

I agree with #rsands. MD5 shouldn't be used. Bcrypt is a lot stronger.

Especially if users use common passwords, password123, a baseline graphics card can crack this very easily.

Here is a link to my card's benchmarks in oclhashcat. (Which is a "password recovery tool")

http://imgur.com/xSNYhkf

but if you absolutely need to.

Are you storing the password just plaintext (also should change) in the database? or when a user is saved do you use something like:

$user->password = bcrypt($request->password);

Indemnity83's avatar

Regardless of the merits of MD5, it's probably an issue where you are double hashing without realizing it.

There are a couple of ways to do this, I would think, but the "easiest" is to create a new Md5Hasher which implements Illuminate\Contracts\Hashing\Hasher, then swap the default hasher out for your custom one in config\app.php

<?php

namespace App\Hashing;

use Illuminate\Contracts\Hashing\Hasher as HasherContract;

class Md5Hasher implements HasherContract
{
    /**
     * Hash the given value.
     *
     * @param  string  $value
     * @param  array   $options
     * @return string
     */
    public function make($value, array $options = [])
    {
        return md5($value);
    }

    /**
     * Check the given plain value against a hash.
     *
     * @param  string  $value
     * @param  string  $hashedValue
     * @param  array   $options
     * @return bool
     */
    public function check($value, $hashedValue, array $options = [])
    {
        if (strlen($hashedValue) === 0) {
            return false;
        }

        // Constant-time comparison of the stored hash with the MD5 of the input.
        return hash_equals($hashedValue, md5($value));
    }

    /**
     * Check if the given hash has been hashed using the given options.
     *
     * @param  string  $hashedValue
     * @param  array   $options
     * @return bool
     */
    public function needsRehash($hashedValue, array $options = [])
    {
        return false;
    }
}

Next, create a service provider to load up the new hasher

<?php

namespace App\Providers;

use App\Hashing\Md5Hasher; // must match the namespace declared in Md5Hasher
use Illuminate\Support\ServiceProvider;

class Md5ServiceProvider extends ServiceProvider
{
    /**
     * Indicates if loading of the provider is deferred.
     *
     * @var bool
     */
    protected $defer = true;

    /**
     * Register the service provider.
     *
     * @return void
     */
    public function register()
    {
        $this->app->singleton('hash', function () {
            return new Md5Hasher;
        });
    }

    /**
     * Get the services provided by the provider.
     *
     * @return array
     */
    public function provides()
    {
        return ['hash'];
    }
}

In your config\app.php file, swap the implementation by removing Illuminate\Hashing\HashServiceProvider::class, and replacing it with App\Providers\Md5ServiceProvider::class

Finally make sure you change the encryption in app\Http\Controllers\Auth\RegisterController too

    /**
     * Create a new user instance after a valid registration.
     *
     * @param  array  $data
     * @return User
     */
    protected function create(array $data)
    {
        return User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => md5($data['password']),
        ]);
    }

I haven't tested any of this code, so there may be some minor typos, but hopefully it gets you pointed in the right direction.

2 likes
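The hasher mismatch and double hashing discussed in this thread, as an added example that is not part of the original posts: plain PHP with no Laravel, comparing a bcrypt-style check (password_verify(), which Laravel's default bcrypt hasher relies on) and an MD5 check against three ways the password column could have been filled. The function names and the sample password are assumptions made for illustration.

```php
<?php

// Bcrypt-style verification: the stored value must be a bcrypt hash of the input.
function bcryptCheck(string $plain, string $stored): bool
{
    return $stored !== '' && password_verify($plain, $stored);
}

// MD5-style verification, equivalent to the check() of an MD5 hasher.
function md5Check(string $plain, string $stored): bool
{
    return $stored !== '' && hash_equals($stored, md5($plain));
}

$plain = 'correct horse battery staple'; // constructed sample password

// Three values the password column could hold, depending on the code path
// that wrote it (constructed for this example).
$stored = [
    'md5(plain)'         => md5($plain),                                   // written by md5() at registration
    'bcrypt(plain)'      => password_hash($plain, PASSWORD_BCRYPT),        // written by bcrypt() at registration
    'bcrypt(md5(plain))' => password_hash(md5($plain), PASSWORD_BCRYPT),   // md5() value hashed a second time
];

printf("%-20s %-14s %-10s %s\n", 'stored as', 'bcrypt check', 'md5 check', 'bcrypt check on md5(input)');

foreach ($stored as $label => $hash) {
    printf(
        "%-20s %-14s %-10s %s\n",
        $label,
        var_export(bcryptCheck($plain, $hash), true),
        var_export(md5Check($plain, $hash), true),
        // Only succeeds when the column was double hashed.
        var_export(bcryptCheck(md5($plain), $hash), true)
    );
}
```

Each stored form is accepted by exactly one of the three checks, so a login only works when the check used at login matches the way the value was written at registration.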
