Purpose of Security.salt and Security.cipherSeed in CakePHP

cipherSeed in CakePHP
cipherSeed is used in the Security::cipher() function to seed rand(). Seeding gives the random number generator its initial value, and every value rand() returns afterwards is derived from it. Before PHP 4.2.0, the random number generator (the rand() function) had to be seeded explicitly with srand(); CakePHP uses cipherSeed for this purpose. Since PHP 4.2.0 the random number generator is seeded automatically.

E.g. srand(Configure::read('Security.cipherSeed')); //usage in cipher() function

Security::cipher(string,key) is used to encrypt/decrypt any string.

E.g.

    $key = 'wt1U5MACWJFTXGenFoZoiLwQGrLgdbHA';

    // Encrypt your text with key
    $secret = Security::cipher('hello world', $key);
    echo $secret;
    //output-> “€=™7DxÌô¥®

    // Later decrypt your text with same key
    $nosecret = Security::cipher($secret, $key);
    echo $nosecret;
    //output-> hello world



Security.salt is the application-wide salt value used when hashing passwords or any other string with Security::hash($string, $type = null, $salt = false). The supported types are BLOWFISH, SHA1 (the default if no type is passed) and SHA256. If no hashing method (sha1, sha256) is available, Security::hash() returns the md5() of the $string passed to it.


-->Default hashing method (sha1)

    echo Security::hash("ashish");
    // the default type, sha1, is used to hash, and no security salt is used


-->Blowfish hashing method

    echo Security::hash("ashish", "blowfish");
    // every time the hash will be different

    echo Security::hash("ashish", "blowfish", false);
    // for type=blowfish the salt must be false or left out, otherwise no hash will be generated

    echo Security::hash("ashish", "blowfish", "ashish");
    // here the salt is the string "ashish" rather than false



-->SHA1 hashing method

    echo Security::hash("ashish", "sha1");
    // no security salt used

    echo Security::hash("ashish", "sha1", "ashish");
    // "ashish" is used as the salt
    //output->6c545c22ee55d67404dcf5a3dd939e3756ca884e

    echo Security::hash("ashish", "sha1", true);
    // true means the application's security salt is also used to hash the string


-->SHA256 hashing method

    echo Security::hash("ashish", "sha256");
    // no security salt used

    echo Security::hash("ashish", "sha256", "ashish");
    // "ashish" is used as the salt
    //output->c20b4ea687b17165031270746eabd00171b25e00d4ac168abff0b14e7f602774

    echo Security::hash("ashish", "sha256", true);
    // true means the application's security salt is also used to hash the string
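
An added example (plain PHP, not code from the original post or from CakePHP) contrasting the two behaviours described above: a sha256 hash with a fixed salt is identical for identical input, while a blowfish (bcrypt) hash differs on every call and is verified by reusing the salt stored inside it. The helpers salted_hash(), bcrypt_matches() and report() and the $appSalt value are hypothetical names, and prepending the salt to the string is an assumption about how the salted case combines the two.

```php
<?php
// Added example: plain PHP only, no CakePHP classes are loaded.

// Assumption: models the salted sha1/sha256 case by prepending the salt.
function salted_hash(string $string, string $type, string $salt = ''): string
{
    return hash($type, $salt . $string);
}

// A bcrypt hash embeds its own cost and random salt, so verification passes
// the stored hash back to crypt() as the salt and compares in constant time.
function bcrypt_matches(string $password, string $storedHash): bool
{
    $candidate = crypt($password, $storedHash);
    return is_string($candidate) && hash_equals($storedHash, $candidate);
}

function report(string $label, bool $result): void
{
    printf("%-52s %s\n", $label, $result ? 'yes' : 'no');
}

$appSalt  = 'constructed-application-salt'; // constructed stand-in for Security.salt
$password = 'ashish';

// Fast hash with one static salt: equal passwords always give equal hashes,
// so users sharing a password are visible in a leaked table.
$userA = salted_hash($password, 'sha256', $appSalt);
$userB = salted_hash($password, 'sha256', $appSalt);
report('sha256 + static salt: same hash for same password?', $userA === $userB);

// bcrypt: a fresh random salt per call, so the two stored values differ...
$storedA = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$storedB = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
report('bcrypt: same hash for same password?', $storedA === $storedB);

// ...yet each one still verifies, because its salt travels inside the hash.
report('bcrypt: correct password verifies against A?', bcrypt_matches($password, $storedA));
report('bcrypt: correct password verifies against B?', bcrypt_matches($password, $storedB));
report('bcrypt: wrong password verifies against A?', bcrypt_matches('not-ashish', $storedA));
```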

