Purpose of Security.salt and Security.cipherSeed in CakePHP

Author - Ashish

cipherSeed in CakePHP
cipherSeed is used in the Security::cipher() function to seed rand(). Seeding means giving the random number generator its initial value; every value rand() returns afterwards is derived from that seed. A fixed seed makes rand() return the same sequence on every call, which is why the same cipher() call can later reverse its own output. Before PHP 4.2.0, the random number generator had to be seeded explicitly with srand(); since PHP 4.2.0 it is seeded automatically. CakePHP seeds the generator with cipherSeed instead.

E.g.:

    srand(Configure::read('Security.cipherSeed')); // usage in the cipher() function

Security::cipher($text, $key) is used to encrypt or decrypt any string.

E.g.:

    $key = 'wt1U5MACWJFTXGenFoZoiLwQGrLgdbHA';

    // Encrypt your text with the key
    $secret = Security::cipher('hello world', $key);
    echo $secret;
    // output -> "€=™7DxÌô¥®"

    // Later, decrypt your text with the same key
    $nosecret = Security::cipher($secret, $key);
    echo $nosecret;
    // output -> "hello world"



Security.salt

Security.salt is the application-wide salt value that Security::hash($string, $type = null, $salt = false) can mix into a password or any other string before hashing it. The supported types are blowfish, sha1 (the default if no type is passed) and sha256. If no hashing method (sha1, sha256) is available, Security::hash() returns the md5() of the $string passed to it.

E.g.:

--> Default hashing method (sha1)

    echo Security::hash("ashish");
    // the default sha1 type is used to hash, and no security salt is used
    // output -> 428b6da53085b8fd7b37e9fb259c0c609bd09984

--> Blowfish hashing method

    echo Security::hash("ashish","blowfish");
    // the hash is different every time
    // output -> $2a$10$uh4ZtynR.UyhPC0vkV/F6ehG6./faI3EugP.x4Xte9HjYJ/9Hcwmi

    echo Security::hash("ashish","blowfish",false);
    // for type=blowfish, pass false as the salt (or omit it) when generating a hash;
    // a plain string salt such as "ashish" produces no hash
    // output -> $2a$10$ynJZ/YLMVhLgH14Rzs6mFuBYsa3ZHEP5UBrDfZGIho5EyFJod6dhq

    echo Security::hash("ashish","blowfish","ashish");
    // output -> [blank]



--> SHA1 hashing method

    echo Security::hash("ashish","sha1");
    // no security salt is used
    // output -> 428b6da53085b8fd7b37e9fb259c0c609bd09984

    echo Security::hash("ashish","sha1","ashish");
    // "ashish" is used as the salt
    // output -> 6c545c22ee55d67404dcf5a3dd939e3756ca884e

    echo Security::hash("ashish","sha1",true);
    // true means the application's security salt is also used to hash the string
    // output -> f4d1f8fc159b36949660810568a303144c8f6f8a

--> SHA256 hashing method

    echo Security::hash("ashish","sha256");
    // no security salt is used
    // output -> 05d08de271d2773a504b3a30f98df26cccda55689a8dc3514f55d3f247553d2b

    echo Security::hash("ashish","sha256","ashish");
    // "ashish" is used as the salt
    // output -> c20b4ea687b17165031270746eabd00171b25e00d4ac168abff0b14e7f602774

    echo Security::hash("ashish","sha256",true);
    // true means the application's security salt is also used to hash the string
    // output -> 880f2861e4510c1ddebc00e067c4e4cf345b31c92a12cd7a19b47bbc727bf424
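The practical difference between the salted sha1/sha256 calls and the blowfish calls above, as an added example in plain PHP (not code from the original post or from CakePHP). It assumes the salt is prepended to the input before hashing; APP_SALT and the three function names are hypothetical.

```php
<?php
// Added illustration in plain PHP; it does not call or reproduce CakePHP's code.
// APP_SALT is a constructed stand-in for the value configured as Security.salt.
const APP_SALT = 'constructed-example-salt-0123456789';

// Assumed model of the sha1/sha256 path: the salt is prepended to the input
// and the result is hashed once. $salt === true selects the application salt.
function salted_digest(string $input, string $type = 'sha1', $salt = false): string
{
    if ($salt) {
        $input = (is_string($salt) ? $salt : APP_SALT) . $input;
    }
    return hash($type, $input);
}

// bcrypt ("blowfish") path: a fresh random salt is embedded in every hash.
function bcrypt_create(string $password, int $cost = 10): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

// Verification re-hashes the candidate with the salt stored inside the
// existing hash and compares the two strings in constant time.
function bcrypt_check(string $candidate, string $stored): bool
{
    return hash_equals($stored, crypt($candidate, $stored));
}

// Two accounts with the same password get the same digest under one app salt,
// so a leaked table shows which users share a password.
$alice = salted_digest('ashish', 'sha256', true);
$bob   = salted_digest('ashish', 'sha256', true);
echo 'app-salted digests equal: ', var_export($alice === $bob, true), PHP_EOL;

// The same password hashed twice with bcrypt gives two different strings,
// yet each one still verifies against the original password.
$h1 = bcrypt_create('ashish');
$h2 = bcrypt_create('ashish');
echo 'bcrypt hashes equal:      ', var_export($h1 === $h2, true), PHP_EOL;
echo 'correct password checks:  ', var_export(bcrypt_check('ashish', $h1), true), PHP_EOL;
echo 'wrong password checks:    ', var_export(bcrypt_check('ashishh', $h2), true), PHP_EOL;
```

For stored passwords, the per-hash random salt and the adjustable cost of the blowfish type are what a single fast sha1 or sha256 pass with one shared salt lacks.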
