Argon2iPasswordHash extends AbstractArgon2PasswordHash

This class implements the 'argon2i' flavour of the php password api.

Hashes are identified by the prefix '$argon2i$'.

The length of an argon2i password hash (in the form it is received from PHP) depends on the environment.

Tags
see
PASSWORD_ARGON2I

in https://secure.php.net/manual/en/password.constants.php

Table of Contents

Properties

$options  : array<string|int, mixed>
The PHP defaults are rather low ('memory_cost' => 65536, 'time_cost' => 4, 'threads' => 1) We raise that significantly by default. At the time of this writing, with the options below, password_verify() needs about 130ms on an I7 6820 on 2 CPU's (argon2i).

Methods

__construct()  : mixed
Constructor sets options if given
checkPassword()  : bool
Checks if a given plaintext password is correct by comparing it with a given salted hashed password.
getHashedPassword()  : string|null
Creates a salted hash for a given plaintext password
getPasswordAlgorithmName()  : string
getPasswordHashPrefix()  : string
isAvailable()  : bool
Returns true if PHP is compiled '--with-password-argon2' so the hash algorithm is available.
isHashUpdateNeeded()  : bool
Checks whether a user's hashed password needs to be replaced with a new hash, for instance if options changed.
isValidSaltedPW()  : bool
Determines if a given string is a valid salted hashed password.
getPasswordAlgorithm()  : int|string|null
Returns password algorithm constant from name

Properties

$options

The PHP defaults are rather low ('memory_cost' => 65536, 'time_cost' => 4, 'threads' => 1) We raise that significantly by default. At the time of this writing, with the options below, password_verify() needs about 130ms on an I7 6820 on 2 CPU's (argon2i).

protected array<string|int, mixed> $options = ['memory_cost' => 65536, 'time_cost' => 16]

We are not raising the amount of threads used, as that might lead to problems on various systems - see #90612

Methods

__construct()

Constructor sets options if given

public __construct([array<string|int, mixed> $options = [] ]) : mixed
Parameters
$options : array<string|int, mixed> = []
Tags
throws
InvalidArgumentException

checkPassword()

Checks if a given plaintext password is correct by comparing it with a given salted hashed password.

public checkPassword(string $plainPW, string $saltedHashPW) : bool
Parameters
$plainPW : string

plain text password to compare with salted hash

$saltedHashPW : string

Salted hash to compare plain-text password with

Return values
bool

TRUE, if plaintext password is correct, otherwise FALSE

getHashedPassword()

Creates a salted hash for a given plaintext password

public getHashedPassword(string $password) : string|null
Parameters
$password : string

Plaintext password to create a salted hash from

Return values
string|null

Salted hashed password

getPasswordAlgorithmName()

public getPasswordAlgorithmName() : string
Return values
string

getPasswordHashPrefix()

public getPasswordHashPrefix() : string
Return values
string

isAvailable()

Returns true if PHP is compiled '--with-password-argon2' so the hash algorithm is available.

public isAvailable() : bool
Return values
bool

isHashUpdateNeeded()

Checks whether a user's hashed password needs to be replaced with a new hash, for instance if options changed.

public isHashUpdateNeeded(string $passString) : bool
Parameters
$passString : string

Salted hash to check if it needs an update

Return values
bool

TRUE if salted hash needs an update, otherwise FALSE

isValidSaltedPW()

Determines if a given string is a valid salted hashed password.

public isValidSaltedPW(string $saltedPW) : bool
Parameters
$saltedPW : string

String to check

Return values
bool

TRUE if it's valid salted hashed password, otherwise FALSE

getPasswordAlgorithm()

Returns password algorithm constant from name

protected getPasswordAlgorithm() : int|string|null

Since PHP 7.4 Password hashing algorithm identifiers are nullable strings rather than integers.

Return values
int|string|null

        
On this page

Search results