‪TYPO3CMS  9.5
Public Member Functions | Public Attributes | Protected Member Functions | Protected Attributes | Private Attributes | List of all members
TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash Class Reference
Inheritance diagram for TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash:
TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface TYPO3\CMS\Saltedpasswords\Salt\Pbkdf2Salt

Public Member Functions

 __construct (array $options=[])
 
bool checkPassword (string $plainPW, string $saltedHashPW)
 
bool isAvailable ()
 
string null getHashedPassword (string $password, string $salt=null)
 
bool isValidSaltedPW (string $saltedPW)
 
bool isHashUpdateNeeded (string $saltedPW)
 
int getHashCount ()
 
int getMaxHashCount ()
 
int getMinHashCount ()
 
int getSaltLength ()
 
string getSetting ()
 
 setHashCount (int $hashCount=null)
 
 setMaxHashCount (int $maxHashCount=null)
 
 setMinHashCount (int $minHashCount=null)
 
- ‪Public Member Functions inherited from ‪TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface
string getHashedPassword (string $password)
 

Public Attributes

const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
 
const HASH_COUNT = 25000
 
const MAX_HASH_COUNT = 10000000
 
const MIN_HASH_COUNT = 1000
 

Protected Member Functions

int null getIterationCount (string $setting)
 
string null getHashedPasswordInternal (string $password, string $salt=null)
 
string getGeneratedSalt ()
 
string getStoredSalt (string $salt)
 
string getItoa64 ()
 
bool isValidSalt (string $salt)
 
int getLengthBase64FromBytes (int $byteLength)
 
string base64Encode (string $input, int $count)
 
string base64Decode (string $value)
 

Protected Attributes

const PREFIX = '$pbkdf2-sha256$'
 
array $options
 

Private Attributes

array $deprecatedPublicMethods
 

Detailed Description

Class that implements PBKDF2 salted hashing based on PHP's hash_pbkdf2() function.

Definition at line 26 of file Pbkdf2PasswordHash.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::__construct ( array  $options = [])

Constructor sets options if given

Parameters
array$options

Definition at line 83 of file Pbkdf2PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\$options.

Member Function Documentation

◆ base64Decode()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::base64Decode ( string  $value)
protected

Adapted version of base64_encoding for compatibility with python passlib. The output of this function is is identical to base64_encode, except that it uses . instead of +, and omits trailing padding = and whitepsace.

Parameters
string$value
Returns
‪string

Definition at line 330 of file Pbkdf2PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getStoredSalt().

◆ base64Encode()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::base64Encode ( string  $input,
int  $count 
)
protected

Adapted version of base64_encoding for compatibility with python passlib. The output of this function is is identical to base64_encode, except that it uses . instead of +, and omits trailing padding = and whitepsace.

Parameters
string$input‪The string containing bytes to encode.
int$count‪The number of characters (bytes) to encode.
Returns
‪string Encoded string

Definition at line 317 of file Pbkdf2PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getHashedPasswordInternal().

◆ checkPassword()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::checkPassword ( string  $plainPW,
string  $saltedHashPW 
)

Method checks if a given plaintext password is correct by comparing it with a given salted hashed password.

Parameters
string$plainPW‪plain-text password to compare with salted hash
string$saltedHashPW‪salted hash to compare plain-text password with
Returns
‪bool TRUE, if plain-text password matches the salted hash, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 106 of file Pbkdf2PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getHashedPasswordInternal(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\isValidSalt().

◆ getGeneratedSalt()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getGeneratedSalt ( )
protected

Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.

Proper use of salts may defeat a number of attacks, including:

  • ‪The ability to try candidate passwords against multiple hashes at once.
  • ‪The ability to use pre-hashed lists of candidate passwords.
  • ‪The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.
Returns
‪string A character string containing settings and a random salt

Definition at line 233 of file Pbkdf2PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getHashedPasswordInternal().

◆ getHashCount()

int TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getHashCount ( )

Method returns number of iterations for password stretching.

Returns
‪int number of iterations for password stretching
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 341 of file Pbkdf2PasswordHash.php.

◆ getHashedPassword()

string null TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getHashedPassword ( string  $password,
string  $salt = null 
)

Method creates a salted hash for a given plaintext password

Parameters
string$password‪plaintext password to create a salted hash from
string$salt‪Deprecated optional custom salt with setting to use
Returns
‪string|null Salted hashed password

Definition at line 128 of file Pbkdf2PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getHashedPasswordInternal().

◆ getHashedPasswordInternal()

string null TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getHashedPasswordInternal ( string  $password,
string  $salt = null 
)
protected

Method creates a salted hash for a given plaintext password

Parameters
string$password‪plaintext password to create a salted hash from
string$salt‪Optional custom salt with setting to use
Returns
‪string|null Salted hashed password

Definition at line 200 of file Pbkdf2PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\base64Encode(), TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getGeneratedSalt(), TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getIterationCount(), TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getStoredSalt(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\isValidSalt().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\checkPassword(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getHashedPassword().

◆ getIterationCount()

int null TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getIterationCount ( string  $setting)
protected

Parses the log2 iteration count from a stored hash or setting string.

Parameters
string$setting‪Complete hash or a hash's setting string or to get log2 iteration count from
Returns
‪int|null Used hashcount for given hash string

Definition at line 178 of file Pbkdf2PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getHashedPasswordInternal(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\isHashUpdateNeeded().

◆ getItoa64()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getItoa64 ( )
protected

Returns a string for mapping an int to the corresponding base 64 character.

Returns
‪string String for mapping an int to the corresponding base 64 character

Definition at line 261 of file Pbkdf2PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\isValidSalt().

◆ getLengthBase64FromBytes()

int TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getLengthBase64FromBytes ( int  $byteLength)
protected

Method determines required length of base64 characters for a given length of a byte string.

Parameters
int$byteLength‪Length of bytes to calculate in base64 chars
Returns
‪int Required length of base64 characters

Definition at line 303 of file Pbkdf2PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\isValidSalt().

◆ getMaxHashCount()

int TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getMaxHashCount ( )

Method returns maximum allowed number of iterations for password stretching.

Returns
‪int Maximum allowed number of iterations for password stretching
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 353 of file Pbkdf2PasswordHash.php.

◆ getMinHashCount()

int TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getMinHashCount ( )

Method returns minimum allowed number of iterations for password stretching.

Returns
‪int Minimum allowed number of iterations for password stretching
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 365 of file Pbkdf2PasswordHash.php.

◆ getSaltLength()

int TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getSaltLength ( )

Returns length of a PBKDF2 salt in bytes.

Returns
‪int Length of a PBKDF2 salt in bytes
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 377 of file Pbkdf2PasswordHash.php.

◆ getSetting()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getSetting ( )

Returns setting string of PBKDF2 salted hashes.

Returns
‪string Setting string of PBKDF2 salted hashes
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 389 of file Pbkdf2PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\PREFIX.

◆ getStoredSalt()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getStoredSalt ( string  $salt)
protected

Parses the salt out of a salt string including settings. If the salt does not include settings it is returned unmodified.

Parameters
string$salt
Returns
‪string

Definition at line 245 of file Pbkdf2PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\base64Decode().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getHashedPasswordInternal().

◆ isAvailable()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::isAvailable ( )

Returns whether all prerequisites for the hashing methods are matched

Returns
‪bool Method available

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 116 of file Pbkdf2PasswordHash.php.

◆ isHashUpdateNeeded()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::isHashUpdateNeeded ( string  $saltedPW)

Checks whether a user's hashed password needs to be replaced with a new hash.

This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable $this->options['hashCount'].

Parameters
string$saltedPW‪Salted hash to check if it needs an update
Returns
‪bool TRUE if salted hash needs an update, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 161 of file Pbkdf2PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getIterationCount(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\isValidSalt().

◆ isValidSalt()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::isValidSalt ( string  $salt)
protected

Method determines if a given string is a valid salt.

Parameters
string$salt‪String to check
Returns
‪bool TRUE if it's valid salt, otherwise FALSE

Definition at line 272 of file Pbkdf2PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getItoa64(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getLengthBase64FromBytes().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\checkPassword(), TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getHashedPasswordInternal(), TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\isHashUpdateNeeded(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\isValidSaltedPW().

◆ isValidSaltedPW()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::isValidSaltedPW ( string  $saltedPW)

Method determines if a given string is a valid salted hashed password.

Parameters
string$saltedPW‪String to check
Returns
‪bool TRUE if it's valid salted hashed password, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 142 of file Pbkdf2PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\isValidSalt().

◆ setHashCount()

TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::setHashCount ( int  $hashCount = null)

Method sets number of iterations for password stretching.

Parameters
int$hashCount‪number of iterations for password stretching to set
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 401 of file Pbkdf2PasswordHash.php.

◆ setMaxHashCount()

TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::setMaxHashCount ( int  $maxHashCount = null)

Method sets maximum allowed number of iterations for password stretching.

Parameters
int$maxHashCount‪Maximum allowed number of iterations for password stretching to set
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 415 of file Pbkdf2PasswordHash.php.

◆ setMinHashCount()

TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::setMinHashCount ( int  $minHashCount = null)

Method sets minimum allowed number of iterations for password stretching.

Parameters
int$minHashCount‪Minimum allowed number of iterations for password stretching to set
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 427 of file Pbkdf2PasswordHash.php.

Member Data Documentation

◆ $deprecatedPublicMethods

array TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::$deprecatedPublicMethods
private
Initial value:
= array(
'isValidSalt' => 'Using Pbkdf2PasswordHash::isValidSalt() is deprecated and will not be possible anymore in TYPO3 v10.0.',
'base64Encode' => 'Using Pbkdf2PasswordHash::base64Encode() is deprecated and will not be possible anymore in TYPO3 v10.0.',
'base64Decode' => 'Using Pbkdf2PasswordHash::base64Decode() is deprecated and will not be possible anymore in TYPO3 v10.0.',
)

Definition at line 32 of file Pbkdf2PasswordHash.php.

◆ $options

array TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::$options
protected
Initial value:
= array(
'hash_count' => 25000
)

The default log2 number of iterations for password stretching.

Definition at line 45 of file Pbkdf2PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\__construct().

◆ HASH_COUNT

const TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::HASH_COUNT = 25000

The default number of iterations for password stretching.

Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 62 of file Pbkdf2PasswordHash.php.

◆ ITOA64

const TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'

Keeps a string for mapping an int to the corresponding base 64 character.

Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 55 of file Pbkdf2PasswordHash.php.

◆ MAX_HASH_COUNT

const TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::MAX_HASH_COUNT = 10000000

The default maximum allowed number of iterations for password stretching.

Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 69 of file Pbkdf2PasswordHash.php.

◆ MIN_HASH_COUNT

const TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::MIN_HASH_COUNT = 1000

The default minimum allowed number of iterations for password stretching.

Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 76 of file Pbkdf2PasswordHash.php.

◆ PREFIX

const TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::PREFIX = '$pbkdf2-sha256$'
protected

Prefix for the password hash.

Definition at line 41 of file Pbkdf2PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getSetting().