reference taken from here
I do not recommend the use of this code in any scenario, ever. MD5 is a horrible hashing algorithm for security as it is too resource-light to discourage cracking. It also has known vulnerabilities. Use bcrypt or SHA-512.
To do this, you can edit AppController.php like this:

<?php
// AppController.php (CakePHP 2.x)
App::uses('Controller', 'Controller');
App::uses('Security', 'Utility');

class AppController extends Controller {

    public function beforeFilter() {
        parent::beforeFilter();
        // Make AuthComponent hash passwords with MD5 (legacy behaviour only)
        Security::setHash('md5');
    }
}
However, this is not recommended as MD5 is a very poor password hashing algorithm. You're far better off adding a function to allow users to log in with existing md5 passwords, encouraging them to upgrade to the new hash, and not allowing any new users to set MD5 passwords.
If, instead, you want to use a secure function like bcrypt, you can do the following:

<?php
// AppController.php (CakePHP 2.x)
App::uses('Controller', 'Controller');
App::uses('Security', 'Utility');

class AppController extends Controller {

    public function beforeFilter() {
        parent::beforeFilter();
        // Make AuthComponent hash passwords with bcrypt (crypt() blowfish)
        Security::setHash('blowfish');
    }
}
When comparing plaintext values to hashes, you have to pass the original hash as the salt value in order to retain cost parameters etc.:

// Re-hashing with the stored hash as the salt reuses its cost and salt bytes
$newHash = Security::hash($newPassword, 'blowfish', $storedPassword);
// The result only equals the stored hash when the password is correct
$passwordMatches = ($newHash === $storedPassword);
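The migration the answer recommends (keep accepting existing MD5 hashes, re-hash them with bcrypt on a successful login, never write new MD5 hashes) as an added example in plain PHP; it is not code from the answer or from CakePHP. It assumes the legacy hashes were produced the way CakePHP 2's AuthComponent does it, md5 of the app's Security.salt prepended to the password, and uses crypt() directly because that is what Security::hash(..., 'blowfish', $stored) wraps, so the snippet runs without the framework.

```php
<?php
// Added example, not from the original answer or CakePHP: transparent
// upgrade from legacy MD5 hashes to bcrypt at login time.

function isBcryptHash($hash) {
    // bcrypt hashes look like "$2y$10$" followed by 53 salt+hash characters
    return (bool) preg_match('/^\$2[aby]\$\d{2}\$/', $hash);
}

function legacyMd5Hash($password, $appSalt) {
    // Assumed legacy format: CakePHP 2 Auth prepends Configure 'Security.salt'
    return md5($appSalt . $password);
}

function makeBcryptHash($password, $cost = 10) {
    // 22-character salt drawn from the "./A-Za-z0-9" alphabet crypt() expects
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return crypt($password, sprintf('$2y$%02d$%s', $cost, $salt));
}

// Returns the hash the application should now store for this user (a fresh
// bcrypt hash when the account was still on MD5), or null on a wrong password.
function verifyAndUpgrade($password, $storedHash, $appSalt) {
    if (isBcryptHash($storedHash)) {
        // Passing the stored hash as the salt reuses its cost and salt bytes
        $candidate = crypt($password, $storedHash);
        return hash_equals($storedHash, $candidate) ? $storedHash : null;
    }
    // Legacy path: only reached for accounts that have never re-logged in
    if (!hash_equals($storedHash, legacyMd5Hash($password, $appSalt))) {
        return null;
    }
    // Correct password against an MD5 record: replace it with bcrypt now
    return makeBcryptHash($password);
}

// Constructed sample data, not real credentials or a real app salt
$appSalt    = 'constructed-app-salt';
$legacyHash = legacyMd5Hash('correct horse', $appSalt);

$upgraded = verifyAndUpgrade('correct horse', $legacyHash, $appSalt);
assert($upgraded !== null && isBcryptHash($upgraded));              // migrated
assert(verifyAndUpgrade('wrong', $legacyHash, $appSalt) === null);   // rejected
assert(verifyAndUpgrade('correct horse', $upgraded, $appSalt) === $upgraded);
```

After a successful legacy login the caller persists the returned bcrypt hash in place of the MD5 one, so the MD5 path is taken at most once per account.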