[Security] improved entropy to make collision attacks harder

author: Johannes Schmitt <schmittjoh@gmail.com> 2011-03-05 13:30:27 +0100
committer: Johannes Schmitt <schmittjoh@gmail.com> 2011-03-05 13:30:27 +0100
commit: d22a10a8cfa6a31a9c4af75a94ef7b8c9fabd818 (patch)
tree: c3235ddbbea9137fb889b1039531aedbd523f4e1 /Core/Encoder/MessageDigestPasswordEncoder.php
parent: a45d4a21c023980a2d652234d7068a477a20f6e8 (diff)
download: symfony-security-d22a10a8cfa6a31a9c4af75a94ef7b8c9fabd818.zip
symfony-security-d22a10a8cfa6a31a9c4af75a94ef7b8c9fabd818.tar.gz
symfony-security-d22a10a8cfa6a31a9c4af75a94ef7b8c9fabd818.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/Core/Encoder/MessageDigestPasswordEncoder.php b/Core/Encoder/MessageDigestPasswordEncoder.php
index 811dd4c..d874ce7 100644
--- a/Core/Encoder/MessageDigestPasswordEncoder.php
+++ b/Core/Encoder/MessageDigestPasswordEncoder.php
@@ -49,7 +49,7 @@ class MessageDigestPasswordEncoder extends BasePasswordEncoder
 
         // "stretch" hash
         for ($i = 1; $i < $this->iterations; $i++) {
-            $digest = hash($this->algorithm, $digest, true);
+            $digest = hash($this->algorithm, $digest.$salted, true);
         }
 
         return $this->encodeHashAsBase64 ? base64_encode($digest) : bin2hex($digest);
author	Johannes Schmitt <schmittjoh@gmail.com>	2011-03-05 13:30:27 +0100
committer	Johannes Schmitt <schmittjoh@gmail.com>	2011-03-05 13:30:27 +0100
commit	d22a10a8cfa6a31a9c4af75a94ef7b8c9fabd818 (patch)
tree	c3235ddbbea9137fb889b1039531aedbd523f4e1 /Core/Encoder/MessageDigestPasswordEncoder.php
parent	a45d4a21c023980a2d652234d7068a477a20f6e8 (diff)
download	symfony-security-d22a10a8cfa6a31a9c4af75a94ef7b8c9fabd818.zip symfony-security-d22a10a8cfa6a31a9c4af75a94ef7b8c9fabd818.tar.gz symfony-security-d22a10a8cfa6a31a9c4af75a94ef7b8c9fabd818.tar.bz2