Using cakephp's Auth component with salted password hashes

Question

How can I make the Auth component of cakephp create, use and store a random salt with the password?

Answer 1

You can start here http://book.cakephp.org/view/566/Change-Hash-Function , and set the $authenticate variable to your user model:

class User extends AppModel {
    function hashPasswords($data) {
        if (isset($data['User']['password'])) {
            //Get the user to get the salt
            $user = $this->findByUsername($data['User']['username']);
            //Let's say you have a "salt" field in your db 
            $data['User']['password'] = md5($data['User']['password'].$user['User']['salt']);
            return $data;
        }
        return $data;
    }
}

Answer 2

Look into overriding the hash function used by the Auth component as described here.

Answer 3

There is no such functionality in Auth component. Take a look at Random String generator CakePHP component.