Using MD5 in symfony2 security.yml for legacy users

Question

I have a legacy system which contains md5 hashed passwords. I have tested these to be correct and they do not use a salt.

security.yml

s         


        

Answer 1

Turns out that the md5 in symfony2 uses a salt by default. There may be an easier way, but I just created a custom md5 password encoder interface that ignores salt.

Register a service

namespace.project.md5password.encoder:
    class: Namepspace\MyBundle\Services\CustomMd5PasswordEncoder

Create the encoder service

namespace Namespace\MyBundle\Services;

use Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface;

class CustomMd5PasswordEncoder implements PasswordEncoderInterface
{
    public function __construct() {
    }

    public function encodePassword($raw, $salt) {
        return md5($raw);
    }

    public function isPasswordValid($encoded, $raw, $salt) {
        return md5($raw) == $encoded;
    }
}

Use the new service in security.yml

security:
    encoders:
        Namespace\MyBundle\Entity\User:
            id: namespace.project.md5password.encoder

Hope this helps