‪TYPO3CMS  9.5
Public Member Functions | Protected Attributes | List of all members
TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash Class Reference
Inheritance diagram for TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash:
TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface TYPO3\CMS\Saltedpasswords\Salt\Argon2iSalt

Public Member Functions

 __construct (array $options=[])
 
bool checkPassword (string $plainPW, string $saltedHashPW)
 
bool isAvailable ()
 
string null getHashedPassword (string $password, string $salt=null)
 
bool isHashUpdateNeeded (string $passString)
 
bool isValidSaltedPW (string $saltedPW)
 
array getOptions ()
 
 setOptions (array $options)
 
- ‪Public Member Functions inherited from ‪TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface
string getHashedPassword (string $password)
 

Protected Attributes

const PREFIX = '$argon2i$'
 
array $options
 

Detailed Description

This class implements the 'argon2i' flavour of the php password api.

Hashes are identified by the prefix '$argon2i$'.

The length of a argon2i password hash (in the form it is received from PHP) depends on the environment.

See also
‪PASSWORD_ARGON2I in https://secure.php.net/manual/en/password.constants.php

Definition at line 28 of file Argon2iPasswordHash.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash::__construct ( array  $options = [])

Constructor sets options if given

Parameters
array$options
Exceptions

Definition at line 57 of file Argon2iPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash\$options.

Member Function Documentation

◆ checkPassword()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash::checkPassword ( string  $plainPW,
string  $saltedHashPW 
)

Checks if a given plaintext password is correct by comparing it with a given salted hashed password.

Parameters
string$plainPW‪plain text password to compare with salted hash
string$saltedHashPW‪Salted hash to compare plain-text password with
Returns
‪bool TRUE, if plaintext password is correct, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 98 of file Argon2iPasswordHash.php.

◆ getHashedPassword()

string null TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash::getHashedPassword ( string  $password,
string  $salt = null 
)

Creates a salted hash for a given plaintext password

Parameters
string$password‪Plaintext password to create a salted hash from
string$salt‪Deprecated optional custom salt to use
Returns
‪string|null Salted hashed password

Definition at line 121 of file Argon2iPasswordHash.php.

Referenced by TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\Argon2iPasswordHashTest\isHashUpdateNeededReturnsTrueForHashGeneratedWithOldOptions().

◆ getOptions()

array TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash::getOptions ( )
Returns
‪array
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 171 of file Argon2iPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash\$options.

◆ isAvailable()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash::isAvailable ( )

Returns true if PHP is compiled '–with-password-argon2' so the hash algorithm is available.

Returns
‪bool

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 109 of file Argon2iPasswordHash.php.

◆ isHashUpdateNeeded()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash::isHashUpdateNeeded ( string  $passString)

Checks whether a user's hashed password needs to be replaced with a new hash, for instance if options changed.

Parameters
string$passString‪Salted hash to check if it needs an update
Returns
‪bool TRUE if salted hash needs an update, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 143 of file Argon2iPasswordHash.php.

Referenced by TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\Argon2iPasswordHashTest\isHashUpdateNeededReturnsTrueForHashGeneratedWithOldOptions().

◆ isValidSaltedPW()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash::isValidSaltedPW ( string  $saltedPW)

Determines if a given string is a valid salted hashed password.

Parameters
string$saltedPW‪String to check
Returns
‪bool TRUE if it's valid salted hashed password, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 154 of file Argon2iPasswordHash.php.

◆ setOptions()

TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash::setOptions ( array  $options)

Set new memory_cost, time_cost, and thread values.

Parameters
array$options
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 183 of file Argon2iPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash\$options.

Member Data Documentation

◆ $options

array TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash::$options
protected
Initial value:
= array(
'memory_cost' => 65536,
'time_cost' => 16
)

The PHP defaults are rather low ('memory_cost' => 65536, 'time_cost' => 4, 'threads' => 1) We raise that significantly by default. At the time of this writing, with the options below, password_verify() needs about 130ms on an I7 6820 on 2 CPU's.

We are not raising the amount of threads used, as that might lead to problems on various systems - see #90612

Note the default values are set again in 'setOptions' below if needed.

Definition at line 46 of file Argon2iPasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash\__construct(), TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash\getOptions(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash\setOptions().

◆ PREFIX

const TYPO3\CMS\Core\Crypto\PasswordHashing\Argon2iPasswordHash::PREFIX = '$argon2i$'
protected

Prefix for the password hash.

Definition at line 33 of file Argon2iPasswordHash.php.