‪TYPO3CMS  10.4
TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash Class Reference
Inheritance diagram for TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash:
TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface

Public Member Functions

 __construct (array $options=[])
 
bool checkPassword (string $plainPW, string $saltedHashPW)
 
bool isAvailable ()
 
string|null getHashedPassword (string $password)
 
bool isHashUpdateNeeded (string $passString)
 
bool isValidSaltedPW (string $saltedPW)
 

Protected Member Functions

string applySettingsToSalt (string $salt)
 
mixed cryptPassword (string $password, string $setting)
 
int getCountLog2 (string $setting)
 
string getGeneratedSalt ()
 
string getItoa64 ()
 
bool isValidSalt (string $salt)
 
string base64Encode (string $input, int $count)
 
int getLengthBase64FromBytes (int $byteLength)
 

Protected Attributes

const PREFIX = '$P$'
 
array $options
 

Detailed Description

Class that implements PHPass salted hashing based on Drupal's modified Openwall implementation.

Derived from Drupal CMS original license: GNU General Public License (GPL)

PHPass should work on every system.

See also
http://drupal.org/node/29706/
http://www.openwall.com/phpass/

Definition at line 34 of file PhpassPasswordHash.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::__construct ( array  $options = [])

Constructor sets options if given

Parameters
array $options

Definition at line 52 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\$options.

Member Function Documentation

◆ applySettingsToSalt()

string TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::applySettingsToSalt ( string  $salt)
protected

Method applies settings (prefix, hash count) to a salt.

Parameters
string $salt: A salt to apply setting to
Returns
string: Salt with setting

Definition at line 148 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getItoa64(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getLengthBase64FromBytes().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getHashedPassword().

◆ base64Encode()

string TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::base64Encode ( string  $input,
int  $count 
)
protected

Encodes bytes into printable base 64 using the *nix standard from crypt().

Parameters
string $input: The string containing bytes to encode.
int $count: The number of characters (bytes) to encode.
Returns
string: Encoded string

Definition at line 276 of file PhpassPasswordHash.php.

References $output, and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getItoa64().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\cryptPassword(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getGeneratedSalt().

◆ checkPassword()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::checkPassword ( string  $plainPW,
string  $saltedHashPW 
)

Method checks if a given plaintext password is correct by comparing it with a given salted hashed password.

Parameters
string $plainPW: Plain-text password to compare with salted hash
string $saltedHashPW: Salted hash to compare plain-text password with
Returns
bool: TRUE, if plain-text password matches the salted hash, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 75 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\cryptPassword().

◆ cryptPassword()

mixed TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::cryptPassword ( string  $password,
string  $setting 
)
protected

Hashes a password using a secure stretched hash.

By using a salt and repeated hashing the password is "stretched". Its security is increased because it becomes much more computationally costly for an attacker to try to break the hash by brute-force computation of the hashes of a large number of plain-text words or strings to find a match.

Parameters
string $password: Plain-text password to hash
string $setting: An existing hash or the output of getGeneratedSalt()
Returns
mixed: A string containing the hashed password (and salt)

Definition at line 174 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\base64Encode(), TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getCountLog2(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getLengthBase64FromBytes().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\checkPassword(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getHashedPassword().
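
The stretching described for cryptPassword(), together with the crypt()-style base 64 of base64Encode() and the count parsing of getCountLog2(), written out as an added example. This is not TYPO3's own code: the function names are hypothetical, and the hash layout and the 7 to 30 count bounds are those of the publicly documented Openwall phpass portable scheme (iterated MD5), assumed here.

```php
<?php

// Added example, not TYPO3 source. Function names are hypothetical. Layout assumed:
// '$P$' + 1 count char + 8 salt chars + 22 digest chars (Openwall portable format).
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// crypt()-style base 64: n input bytes (n <= 3) become n + 1 characters, low bits first.
function phpassEncode64(string $input, int $count): string
{
    $out = '';
    for ($i = 0; $i < $count; $i += 3) {
        $n = min(3, $count - $i);
        $value = 0;
        for ($j = 0; $j < $n; $j++) {
            $value |= ord($input[$i + $j]) << (8 * $j);
        }
        for ($k = 0; $k <= $n; $k++) {
            $out .= substr(ITOA64, ($value >> (6 * $k)) & 0x3f, 1);
        }
    }
    return $out;
}

// Returns the 34-character hash, or null for a malformed setting string.
function phpassCrypt(string $password, string $setting): ?string
{
    $countLog2 = strlen($setting) >= 12 ? strpos(ITOA64, $setting[3]) : false;
    if (strncmp($setting, '$P$', 3) !== 0 || $countLog2 === false
        || $countLog2 < 7 || $countLog2 > 30) { // bounds from the Openwall code
        return null;
    }
    $count = 1 << $countLog2;                 // 2^countLog2 stretching rounds
    $hash = md5(substr($setting, 4, 8) . $password, true);
    do {
        $hash = md5($hash . $password, true); // each round re-mixes the password
    } while (--$count);
    return substr($setting, 0, 12) . phpassEncode64($hash, 16);
}

function phpassVerify(string $password, string $stored): bool
{
    $computed = phpassCrypt($password, $stored);
    return $computed !== null && hash_equals($stored, $computed); // constant-time
}

// Constructed demo: log2 count 14 (the class default) and a fresh 6-byte salt.
$setting = '$P$' . substr(ITOA64, 14, 1) . phpassEncode64(random_bytes(6), 6);
$stored = phpassCrypt('correct horse', $setting);
var_dump(strlen($stored), phpassVerify('correct horse', $stored), phpassVerify('wrong', $stored));
```

Because the count character is stored in the hash itself, verification re-runs exactly the number of rounds the hash was created with, whatever the current configuration is.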

◆ getCountLog2()

int TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::getCountLog2 ( string  $setting)
protected

Parses the log2 iteration count from a stored hash or setting string.

Parameters
string $setting: Complete hash or a hash's setting string to get the log2 iteration count from
Returns
int: Used hashcount for given hash string

Definition at line 207 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getItoa64().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\cryptPassword(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\isHashUpdateNeeded().

◆ getGeneratedSalt()

string TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::getGeneratedSalt ( )
protected

Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.

Proper use of salts may defeat a number of attacks, including:

  • The ability to try candidate passwords against multiple hashes at once.
  • The ability to use pre-hashed lists of candidate passwords.
  • The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.

Returns
string: A character string containing settings and a random salt

Definition at line 223 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\base64Encode().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getHashedPassword().

◆ getHashedPassword()

string|null TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::getHashedPassword ( string  $password)

Method creates a salted hash for a given plaintext password

Parameters
string $password: Plaintext password to create a salted hash from
Returns
string|null: salted hashed password

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 97 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\applySettingsToSalt(), TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\cryptPassword(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getGeneratedSalt().

◆ getItoa64()

string TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::getItoa64 ( )
protected

Returns a string for mapping an int to the corresponding base 64 character.

Returns
string: String for mapping an int to the corresponding base 64 character

Definition at line 234 of file PhpassPasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\applySettingsToSalt(), TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\base64Encode(), TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getCountLog2(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\isValidSalt().

◆ getLengthBase64FromBytes()

int TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::getLengthBase64FromBytes ( int  $byteLength)
protected

Method determines required length of base64 characters for a given length of a byte string.

Parameters
int $byteLength: Length of bytes to calculate in base64 chars
Returns
int: Required length of base64 characters

Definition at line 310 of file PhpassPasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\applySettingsToSalt(), TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\cryptPassword(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\isValidSalt().

◆ isAvailable()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::isAvailable ( )

Returns whether all prerequisites for the hashing method are met.

Returns
bool: Method available

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 86 of file PhpassPasswordHash.php.

◆ isHashUpdateNeeded()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::isHashUpdateNeeded ( string  $passString)

Checks whether a user's hashed password needs to be replaced with a new hash.

This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable $hashCount or HASH_COUNT.

Parameters
string $passString: Salted hash to check if it needs an update
Returns
bool: TRUE if salted hash needs an update, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 117 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getCountLog2().
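
An added example (not TYPO3's own code) of the check described above, run as an audit over stored hashes: it reads the log2 count from each '$P$' string and flags the ones to replace at the user's next login, when the plain-text password is available. Function names and sample rows are constructed, and treating a hash as stale when its count is below the desired one is an assumption.

```php
<?php
// Added example, not TYPO3 source; function names and sample rows are constructed.
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
const DESIRED_LOG2 = 14; // the default 'hash_count' documented for this class

// log2 iteration count encoded in character 4 of a '$P$' hash, or null if malformed.
function storedCountLog2(string $hash): ?int
{
    if (strlen($hash) !== 34 || strncmp($hash, '$P$', 3) !== 0) {
        return null;
    }
    // Count char, 8 salt chars and 22 digest chars must all come from the alphabet.
    if (strspn($hash, ITOA64, 3) !== 31) {
        return null;
    }
    return strpos(ITOA64, $hash[3]);
}

// Assumption: a hash is stale when it was stretched with fewer rounds than desired.
function auditHash(string $hash): array
{
    $log2 = storedCountLog2($hash);
    if ($log2 === null) {
        return ['status' => 'not-phpass', 'rounds' => null];
    }
    $status = $log2 < DESIRED_LOG2 ? 'rehash-at-next-login' : 'current';
    return ['status' => $status, 'rounds' => 1 << $log2];
}

// Constructed rows: two phpass-shaped strings and one string in another format.
$rows = [
    'alice' => '$P$C' . str_repeat('a', 30),      // 'C' = index 14
    'bob'   => '$P$9' . str_repeat('b', 30),      // '9' = index 11
    'carol' => '$argon2i$v=19$m=65536,t=16,p=1$constructed',
];
foreach ($rows as $user => $hash) {
    $r = auditHash($hash);
    printf("%-6s %-22s %s\n", $user, $r['status'], $r['rounds'] ?? '-');
}
```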

◆ isValidSalt()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::isValidSalt ( string  $salt)
protected

Method determines if a given string is a valid salt.

Parameters
string $salt: String to check
Returns
bool: TRUE if it's valid salt, otherwise FALSE

Definition at line 245 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getItoa64(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getLengthBase64FromBytes().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\isValidSaltedPW().

◆ isValidSaltedPW()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::isValidSaltedPW ( string  $saltedPW)

Method determines if a given string is a valid salted hashed password.

Parameters
string $saltedPW: String to check
Returns
bool: TRUE if it's valid salted hashed password, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 133 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\isValidSalt().

Member Data Documentation

◆ $options

array TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::$options
protected
Initial value:
= array(
    'hash_count' => 14
)

The default log2 number of iterations for password stretching.

Definition at line 43 of file PhpassPasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\__construct().

◆ PREFIX

const TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::PREFIX = '$P$'
protected

Prefix for the password hash.

Definition at line 39 of file PhpassPasswordHash.php.