Flarum encryption technique

Applepiee

Hi,

We're currently working on synchronizing our main website with the forum (Flarum), and are thinking of adding a user to the flarum database after he logs into the main site, in order to fetch the raw password of the user and encrypt it into the database.

However my coder is having trouble finding out which encryption technique and hash we need to use in order to store the passwords.

Thanks in advance for the help!

clarkwinkelmann

Flarum is using the default PHP hashing, which is bcrypt.

Also see:

https://discuss.flarum.org/d/3766-password-encoding-process
https://discuss.flarum.org/d/311-encryption-method-for-password
https://discuss.flarum.org/d/4239-how-to-bulk-add-users-via-either-sql-or-api

matteocontrini

...wrapped by the Laravel BcryptHasher class:

https://github.com/laravel/framework/blob/7840082ad414ea0baca4beaa790135097fbdcdf2/src/Illuminate/Hashing/BcryptHasher.php#L47

P.S. it happens every time that people talk about "encoding" or "encrypting" password, but that's something you should never do. Passwords must be hashed with cryptographic hash functions, or even better algorithms specifically designed for hasing password, like bcrypt.