Changed sha1 into bcrypt

wouterj · weaverryan · commit 2a1a34936336 · 2014-01-01T18:38:21.000-06:00
diff --git a/book/security.rst b/book/security.rst
@@ -1363,6 +1363,15 @@ any extra encoding. You can now calculate the hashed password either programmati
     Supported algorithms for this method depend on your PHP version.
     A full list is available calling the PHP function :phpfunction:`hash_algos`.
 
+.. caution::
+
+    The above example is not meaned for practical usage, it uses a weak hash
+    algorithm and it is only done to be able to generate the password easily. Using
+    :ref:`BCrypt <reference-security-bcrypt>` is a better option.
+
+.. versionadded:: 2.2
+    The BCrypt encoder was introduced in Symfony 2.2.
+
 If you're creating your users dynamically (and storing them in a database),
 you can use even tougher hashing algorithms and then rely on an actual password
 encoder object to help you encode passwords. For example, suppose your User
@@ -1378,15 +1387,15 @@ configure the encoder for that user:
             # ...
 
             encoders:
-                Acme\UserBundle\Entity\User: sha512
+                Acme\UserBundle\Entity\User: bcrypt
 
     .. code-block:: xml
 
         <!-- app/config/security.xml -->
         <config>
             <!-- ... -->
 
-            <encoder class="Acme\UserBundle\Entity\User" algorithm="sha512" />
+            <encoder class="Acme\UserBundle\Entity\User" algorithm="bcrypt" />
         </config>
 
     .. code-block:: php
@@ -1395,20 +1404,17 @@ configure the encoder for that user:
         $container->loadFromExtension('security', array(
             // ...
             'encoders' => array(
-                'Acme\UserBundle\Entity\User' => 'sha512',
+                'Acme\UserBundle\Entity\User' => 'bcrypt',
             ),
         ));
 
-In this case, you're using the stronger ``sha512`` algorithm. Also, since
-you've simply specified the algorithm (``sha512``) as a string, the system
-will default to hashing your password 5000 times in a row and then encoding
-it as base64. In other words, the password has been greatly obfuscated so
-that the hashed password can't be decoded (i.e. you can't determine the password
-from the hashed password).
+In this case, you're using the strong ``bcrypt`` algorithm. This means that the
+password has been greatly obfuscated so that the hashed password can't be
+decoded (i.e. you can't determine the password from the hashed password).
 
 .. versionadded:: 2.2
     As of Symfony 2.2 you can also use the :ref:`PBKDF2 <reference-security-pbkdf2>`
-    and :ref:`BCrypt <reference-security-bcrypt>` password encoders.
+    password encoder.
 
 Determining the Hashed Password
 ...............................
diff --git a/cookbook/security/entity_provider.rst b/cookbook/security/entity_provider.rst
@@ -257,9 +257,7 @@ then be checked against your User entity records in the database:
         security:
             encoders:
                 Acme\UserBundle\Entity\User:
-                    algorithm:        sha1
-                    encode_as_base64: false
-                    iterations:       1
+                    algorithm: bcrypt
 
             role_hierarchy:
                 ROLE_ADMIN:       ROLE_USER
@@ -282,9 +280,7 @@ then be checked against your User entity records in the database:
         <!-- app/config/security.xml -->
         <config>
             <encoder class="Acme\UserBundle\Entity\User"
-                algorithm="sha1"
-                encode-as-base64="false"
-                iterations="1"
+                algorithm="bcrypt"
             />
 
             <role id="ROLE_ADMIN">ROLE_USER</role>
@@ -307,9 +303,7 @@ then be checked against your User entity records in the database:
         $container->loadFromExtension('security', array(
             'encoders' => array(
                 'Acme\UserBundle\Entity\User' => array(
-                    'algorithm'         => 'sha1',
-                    'encode_as_base64'  => false,
-                    'iterations'        => 1,
+                    'algorithm' => 'bcrypt',
                 ),
             ),
             'role_hierarchy' => array(
@@ -335,9 +329,9 @@ then be checked against your User entity records in the database:
             ),
         ));
 
-The ``encoders`` section associates the ``sha1`` password encoder to the entity
+The ``encoders`` section associates the ``bcrypt`` password encoder to the entity
 class. This means that Symfony will expect the password that's stored in
-the database to be encoded using this algorithm. For details on how to create
+the database to be encoded using this encoder. For details on how to create
 a new User object with a properly encoded password, see the
 :ref:`book-security-encoding-user-password` section of the security chapter.
 
