PhpassPasswordHash implements PasswordHashInterface
Class that implements PHPass salted hashing based on Drupal's modified Openwall implementation.
Derived from Drupal CMS. Original license: GNU General Public License (GPL).
PHPass should work on every system.
Table of Contents
Interfaces
- PasswordHashInterface
- Interface with public methods needed to be implemented in a salting hashing class.
Constants
- PREFIX = '$P$'
- Prefix for the password hash.
Properties
- $options : array<string|int, mixed>
Methods
- __construct() : mixed
- Constructor sets options if given
- checkPassword() : bool
- Method checks if a given plaintext password is correct by comparing it with a given salted hashed password.
- getHashedPassword() : string|null
- Method creates a salted hash for a given plaintext password
- isAvailable() : bool
- Returns whether all prerequisites for the hashing methods are matched
- isHashUpdateNeeded() : bool
- Checks whether a user's hashed password needs to be replaced with a new hash.
- isValidSaltedPW() : bool
- Method determines if a given string is a valid salted hashed password.
- applySettingsToSalt() : string
- Method applies settings (prefix, hash count) to a salt.
- base64Encode() : string
- Encodes bytes into printable base 64 using the *nix standard from crypt().
- cryptPassword() : mixed
- Hashes a password using a secure stretched hash.
- getCountLog2() : int
- Parses the log2 iteration count from a stored hash or setting string.
- getGeneratedSalt() : string
- Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.
- getItoa64() : string
- Returns a string for mapping an int to the corresponding base 64 character.
- getLengthBase64FromBytes() : int
- Method determines required length of base64 characters for a given length of a byte string.
- isValidSalt() : bool
- Method determines if a given string is a valid salt.
Constants
PREFIX
Prefix for the password hash.
protected mixed PREFIX = '$P$'
Properties
$options
protected array<string|int, mixed> $options = ['hash_count' => 14]
The default log2 number of iterations for password stretching.
Methods
__construct()
Constructor sets options if given
public __construct([array<string|int, mixed> $options = [] ]) : mixed
Parameters
- $options : array<string|int, mixed> = []
checkPassword()
Method checks if a given plaintext password is correct by comparing it with a given salted hashed password.
public checkPassword(string $plainPW, string $saltedHashPW) : bool
Parameters
- $plainPW : string
  Plain-text password to compare with salted hash
- $saltedHashPW : string
  Salted hash to compare plain-text password with
Return values
bool —TRUE, if plain-text password matches the salted hash, otherwise FALSE
getHashedPassword()
Method creates a salted hash for a given plaintext password
public getHashedPassword(string $password) : string|null
Parameters
- $password : string
  Plaintext password to create a salted hash from
Return values
string|null —salted hashed password
isAvailable()
Returns whether all prerequisites for the hashing methods are matched
public isAvailable() : bool
Return values
bool —Method available
isHashUpdateNeeded()
Checks whether a user's hashed password needs to be replaced with a new hash.
public isHashUpdateNeeded(string $passString) : bool
This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable $hashCount or HASH_COUNT.
Parameters
- $passString : string
  Salted hash to check if it needs an update
Return values
bool —TRUE if salted hash needs an update, otherwise FALSE
isValidSaltedPW()
Method determines if a given string is a valid salted hashed password.
public isValidSaltedPW(string $saltedPW) : bool
Parameters
- $saltedPW : string
  String to check
Return values
bool —TRUE if it's a valid salted hashed password, otherwise FALSE
applySettingsToSalt()
Method applies settings (prefix, hash count) to a salt.
protected applySettingsToSalt(string $salt) : string
Parameters
- $salt : string
  A salt to apply settings to
Return values
string —Salt with setting
base64Encode()
Encodes bytes into printable base 64 using the *nix standard from crypt().
protected base64Encode(string $input, int $count) : string
Parameters
- $input : string
  The string containing bytes to encode.
- $count : int
  The number of characters (bytes) to encode.
Return values
string —Encoded string
cryptPassword()
Hashes a password using a secure stretched hash.
protected cryptPassword(string $password, string $setting) : mixed
By using a salt and repeated hashing the password is "stretched". Its security is increased because it becomes much more computationally costly for an attacker to try to break the hash by brute-force computation of the hashes of a large number of plain-text words or strings to find a match.
Parameters
- $password : string
  Plain-text password to hash
- $setting : string
  An existing hash or the output of getGeneratedSalt()
Return values
mixed —A string containing the hashed password (and salt)
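The stretching and crypt()-style encoding described for base64Encode() and cryptPassword(), as an added example that is not TYPO3's or Drupal's code: a standalone sketch of the Openwall phpass portable scheme behind the `$P$` prefix. The iterated-MD5 construction, the 7..30 count bounds, the function names and the demo password are assumptions; the page does not show the class internals.

```php
<?php
// Added example, not TYPO3 code. Assumes the Openwall phpass "$P$" layout:
// prefix (3) + log2 count char (1) + salt (8) + encoded MD5 digest (22).
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// crypt()-style base 64: bytes packed little-endian, low 6 bits emitted first.
function encode64(string $input, int $count): string
{
    $map = ITOA64;
    $out = '';
    for ($i = 0; $i < $count; $i += 3) {
        $value = ord($input[$i])
            | ($i + 1 < $count ? ord($input[$i + 1]) << 8 : 0)
            | ($i + 2 < $count ? ord($input[$i + 2]) << 16 : 0);
        $chars = min(4, $count - $i + 1); // 1 byte -> 2 chars, 2 -> 3, 3 -> 4
        for ($k = 0; $k < $chars; $k++) {
            $out .= $map[($value >> (6 * $k)) & 0x3f];
        }
    }
    return $out;
}

// Returns the full 34-character hash, or null for a malformed setting string.
function phpassCrypt(string $password, string $setting): ?string
{
    if (strlen($setting) < 12 || strncmp($setting, '$P$', 3) !== 0) {
        return null;
    }
    $countLog2 = strpos(ITOA64, $setting[3]);
    if ($countLog2 === false || $countLog2 < 7 || $countLog2 > 30) {
        return null; // bounds taken from Openwall phpass (assumption here)
    }
    $hash = md5(substr($setting, 4, 8) . $password, true);
    for ($n = 1 << $countLog2; $n > 0; $n--) {
        $hash = md5($hash . $password, true); // each round re-mixes the password
    }
    return substr($setting, 0, 12) . encode64($hash, 16);
}

function phpassVerify(string $password, string $stored): bool
{
    $computed = phpassCrypt($password, $stored);
    // hash_equals() compares in constant time, avoiding a timing side channel.
    return $computed !== null && hash_equals($stored, $computed);
}

// Constructed demo: log2 count 14 (the page's default hash_count), random salt.
$setting = '$P$' . substr(ITOA64, 14, 1) . encode64(random_bytes(6), 6);
$stored = phpassCrypt('correct horse battery', $setting);
var_dump($stored, phpassVerify('correct horse battery', $stored), phpassVerify('wrong', $stored));
```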
getCountLog2()
Parses the log2 iteration count from a stored hash or setting string.
protected getCountLog2(string $setting) : int
Parameters
- $setting : string
  Complete hash or a hash's setting string to get the log2 iteration count from
Return values
int —Used hashcount for given hash string
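How the log2 count parsed by getCountLog2() drives the isHashUpdateNeeded() decision, as an added example that is not the class's own code. The helper names, the 34-character length check (Openwall `$P$` layout) and the sample records are assumptions constructed for illustration.

```php
<?php
// Added example, not TYPO3 code; helper names and sample hashes are constructed.
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
const PREFIX = '$P$';
const HASH_LENGTH = 34; // assumption: Openwall "$P$" layout 3 + 1 + 8 + 22

// Log2 iteration count encoded in the 4th character, or null if unparseable.
function parseCountLog2(string $setting): ?int
{
    if (strlen($setting) < 4 || strncmp($setting, PREFIX, 3) !== 0) {
        return null;
    }
    $pos = strpos(ITOA64, $setting[3]);
    return $pos === false ? null : $pos;
}

// Classifies a stored hash against the currently desired log2 count.
function auditHash(string $stored, int $desiredLog2): string
{
    $log2 = parseCountLog2($stored);
    if ($log2 === null || strlen($stored) !== HASH_LENGTH
        || strspn($stored, ITOA64, 4) !== HASH_LENGTH - 4) {
        return 'not a valid $P$ hash';
    }
    if ($log2 !== $desiredLog2) {
        // The page: a new hash is needed when the desired count has changed.
        return sprintf('rehash on next login: 2^%d = %d rounds stored, 2^%d wanted',
            $log2, 1 << $log2, $desiredLog2);
    }
    return 'current';
}

// Constructed records: the characters after the count are filler, not real digests.
$records = [
    'alice' => '$P$C' . str_repeat('a', 30), // 'C' maps to 14
    'bob'   => '$P$9' . str_repeat('b', 30), // '9' maps to 11
    'carol' => '$P$C' . str_repeat('c', 12), // truncated value
    'dave'  => '$2y$' . str_repeat('d', 30), // different scheme prefix
];
foreach ($records as $user => $hash) {
    printf("%-6s %s\n", $user, auditHash($hash, 14));
}
```

The rehash itself can only happen at login, when the plain-text password is available to feed into a fresh hash.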
getGeneratedSalt()
Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.
protected getGeneratedSalt() : string
Proper use of salts may defeat a number of attacks, including:
- The ability to try candidate passwords against multiple hashes at once.
- The ability to use pre-hashed lists of candidate passwords.
- The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.
Return values
string —A character string containing settings and a random salt
getItoa64()
Returns a string for mapping an int to the corresponding base 64 character.
protected getItoa64() : string
Return values
string —String for mapping an int to the corresponding base 64 character
getLengthBase64FromBytes()
Method determines required length of base64 characters for a given length of a byte string.
protected getLengthBase64FromBytes(int $byteLength) : int
Parameters
- $byteLength : int
  Length of bytes to calculate in base64 chars
Return values
int —Required length of base64 characters
isValidSalt()
Method determines if a given string is a valid salt.
protected isValidSalt(string $salt) : bool
Parameters
- $salt : string
  String to check
Return values
bool —TRUE if it's a valid salt, otherwise FALSE