Skip to content

finalcut/SaltAndHash

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 

Repository files navigation

SaltAndHash

Coldfusion Salt and Hash Implementation

This basically just provides an easy encapsulated way to salt and hash strings using either SHA 256, 384, or 512 so that it will work on the CF Standard Edition as well. I believe this will work on CF 9 and newer (though it should be trivial to get it to work on CF 8 if it doesn't)

There are three sleep calls of one millisecond each; these are intentional and have a negligible effect on performance. I basically use them to help the randomizers used by the various functions be a little more random.

Credit in large part goes to http://crackstation.net/hashing-security.htm where I gained a much better understanding of salted hashing. It's a great read.

Usage:

<!---  salt and hash a password before saving it --->
<cfscript>
	saltAndHasher = createObject("component", "saltAndHash").init();
	passwordData = saltAndHasher.saltAndHash("myPassword");
</cfscript>
	<cfquery name="savePassword" datasource="x">
		INSERT INTO user_profile
			(
				password
				, salt
				, hashid
				)
			VALUES (
				<cfqueryparam cfsqltype="cf_sql_varchar" value="#passwordData.hashedString#") />,
				<cfqueryparam cfsqltype="cf_sql_varchar" value="#passwordData.salt#") />,
				<cfqueryparam cfsqltype="cf_sql_varchar" value="#passwordData.hashMethod#") />
			)
	</cfquery>


<!--- reproduce the hash if you have the hash method and salt already --->

<cfscript>
	passwordIsValid = saltAndHasher.validateHashedString("myPassword", passwordData.salt, passwordData.hashMethod, passwordData.hashedString)

	assertTrue(passwordIsValid);
</cfscript>


<

About

Coldfusion Salt and Hash Implementation

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published