‪TYPO3CMS  9.5
Public Member Functions | Public Attributes | Protected Member Functions | Protected Attributes | Private Attributes | List of all members
TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash Class Reference
Inheritance diagram for TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash:
TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt

Public Member Functions

 __construct (array $options=[])
 
bool checkPassword (string $plainPW, string $saltedHashPW)
 
bool isAvailable ()
 
string null getHashedPassword (string $password, string $salt=null)
 
bool isHashUpdateNeeded (string $passString)
 
bool isValidSaltedPW (string $saltedPW)
 
int getHashCount ()
 
int getMaxHashCount ()
 
int getMinHashCount ()
 
int getSaltLength ()
 
string getSetting ()
 
 setHashCount (int $hashCount=null)
 
 setMaxHashCount (int $maxHashCount=null)
 
 setMinHashCount (int $minHashCount=null)
 
- ‪Public Member Functions inherited from ‪TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface
string getHashedPassword (string $password)
 

Public Attributes

const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
 
const HASH_COUNT = 14
 
const MAX_HASH_COUNT = 24
 
const MIN_HASH_COUNT = 7
 

Protected Member Functions

string applySettingsToSalt (string $salt)
 
mixed cryptPassword (string $password, string $setting)
 
int getCountLog2 (string $setting)
 
string getGeneratedSalt ()
 
string getItoa64 ()
 
bool isValidSalt (string $salt)
 
string base64Encode (string $input, int $count)
 
int getLengthBase64FromBytes (int $byteLength)
 

Protected Attributes

const PREFIX = '$P$'
 
array $options
 

Private Attributes

array $deprecatedPublicMethods
 

Detailed Description

Class that implements PHPass salted hashing based on Drupal's modified Openwall implementation.

Derived from Drupal CMS original license: GNU General Public License (GPL)

PHPass should work on every system.

See also
http://drupal.org/node/29706/
http://www.openwall.com/phpass/

Definition at line 33 of file PhpassPasswordHash.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::__construct ( array  $options = [])

Constructor sets options if given

Parameters
array$options

Definition at line 91 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\$options.

Member Function Documentation

◆ applySettingsToSalt()

string TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::applySettingsToSalt ( string  $salt)
protected

Method applies settings (prefix, hash count) to a salt.

Parameters
string$salt‪A salt to apply setting to
Returns
‪string Salt with setting

Definition at line 193 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getItoa64(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getLengthBase64FromBytes().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getHashedPassword().

◆ base64Encode()

string TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::base64Encode ( string  $input,
int  $count 
)
protected

Encodes bytes into printable base 64 using the *nix standard from crypt().

Parameters
string$input‪The string containing bytes to encode.
int$count‪The number of characters (bytes) to encode.
Returns
‪string Encoded string

Definition at line 321 of file PhpassPasswordHash.php.

References $output, and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getItoa64().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\cryptPassword(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getGeneratedSalt().

◆ checkPassword()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::checkPassword ( string  $plainPW,
string  $saltedHashPW 
)

Method checks if a given plaintext password is correct by comparing it with a given salted hashed password.

Parameters
string$plainPW‪Plain-text password to compare with salted hash
string$saltedHashPW‪Salted hash to compare plain-text password with
Returns
‪bool TRUE, if plain-text password matches the salted hash, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 114 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\cryptPassword().

◆ cryptPassword()

mixed TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::cryptPassword ( string  $password,
string  $setting 
)
protected

Hashes a password using a secure stretched hash.

By using a salt and repeated hashing the password is "stretched". Its security is increased because it becomes much more computationally costly for an attacker to try to break the hash by brute-force computation of the hashes of a large number of plain-text words or strings to find a match.

Parameters
string$password‪Plain-text password to hash
string$setting‪An existing hash or the output of getGeneratedSalt()
Returns
‪mixed A string containing the hashed password (and salt)

Definition at line 219 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\base64Encode(), TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getCountLog2(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getLengthBase64FromBytes().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\checkPassword(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getHashedPassword().

◆ getCountLog2()

int TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::getCountLog2 ( string  $setting)
protected

Parses the log2 iteration count from a stored hash or setting string.

Parameters
string$setting‪Complete hash or a hash's setting string or to get log2 iteration count from
Returns
‪int Used hashcount for given hash string

Definition at line 252 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getItoa64().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\cryptPassword(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\isHashUpdateNeeded().

◆ getGeneratedSalt()

string TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::getGeneratedSalt ( )
protected

Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.

Proper use of salts may defeat a number of attacks, including:

  • ‪The ability to try candidate passwords against multiple hashes at once.
  • ‪The ability to use pre-hashed lists of candidate passwords.
  • ‪The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.
Returns
‪string A character string containing settings and a random salt

Definition at line 268 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\base64Encode().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getHashedPassword().

◆ getHashCount()

int TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::getHashCount ( )

Method returns log2 number of iterations for password stretching.

Returns
‪int log2 number of iterations for password stretching
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 367 of file PhpassPasswordHash.php.

◆ getHashedPassword()

string null TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::getHashedPassword ( string  $password,
string  $salt = null 
)

Method creates a salted hash for a given plaintext password

Parameters
string$password‪Plaintext password to create a salted hash from
string$salt‪Deprecated optional custom salt with setting to use
Returns
‪string|null salted hashed password

Definition at line 137 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\applySettingsToSalt(), TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\cryptPassword(), TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getGeneratedSalt(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\isValidSalt().

◆ getItoa64()

string TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::getItoa64 ( )
protected

Returns a string for mapping an int to the corresponding base 64 character.

Returns
‪string String for mapping an int to the corresponding base 64 character

Definition at line 279 of file PhpassPasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\applySettingsToSalt(), TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\base64Encode(), TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getCountLog2(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\isValidSalt().

◆ getLengthBase64FromBytes()

int TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::getLengthBase64FromBytes ( int  $byteLength)
protected

Method determines required length of base64 characters for a given length of a byte string.

Parameters
int$byteLength‪Length of bytes to calculate in base64 chars
Returns
‪int Required length of base64 characters

Definition at line 355 of file PhpassPasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\applySettingsToSalt(), TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\cryptPassword(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\isValidSalt().

◆ getMaxHashCount()

int TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::getMaxHashCount ( )

Method returns maximum allowed log2 number of iterations for password stretching.

Returns
‪int Maximum allowed log2 number of iterations for password stretching
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 379 of file PhpassPasswordHash.php.

◆ getMinHashCount()

int TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::getMinHashCount ( )

Method returns minimum allowed log2 number of iterations for password stretching.

Returns
‪int Minimum allowed log2 number of iterations for password stretching
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 391 of file PhpassPasswordHash.php.

◆ getSaltLength()

int TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::getSaltLength ( )

Returns length of a Blowfish salt in bytes.

Returns
‪int Length of a Blowfish salt in bytes
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 403 of file PhpassPasswordHash.php.

◆ getSetting()

string TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::getSetting ( )

Returns setting string of PHPass salted hashes.

Returns
‪string Setting string of PHPass salted hashes
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 415 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\PREFIX.

◆ isAvailable()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::isAvailable ( )

Returns whether all prerequisites for the hashing methods are matched

Returns
‪bool Method available

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 125 of file PhpassPasswordHash.php.

◆ isHashUpdateNeeded()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::isHashUpdateNeeded ( string  $passString)

Checks whether a user's hashed password needs to be replaced with a new hash.

This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable $hashCount or HASH_COUNT.

Parameters
string$passString‪Salted hash to check if it needs an update
Returns
‪bool TRUE if salted hash needs an update, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 162 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getCountLog2().

◆ isValidSalt()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::isValidSalt ( string  $salt)
protected

Method determines if a given string is a valid salt.

Parameters
string$salt‪String to check
Returns
‪bool TRUE if it's valid salt, otherwise FALSE

Definition at line 290 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getItoa64(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getLengthBase64FromBytes().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getHashedPassword(), and TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\isValidSaltedPW().

◆ isValidSaltedPW()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::isValidSaltedPW ( string  $saltedPW)

Method determines if a given string is a valid salted hashed password.

Parameters
string$saltedPW‪String to check
Returns
‪bool TRUE if it's valid salted hashed password, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 178 of file PhpassPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\isValidSalt().

◆ setHashCount()

TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::setHashCount ( int  $hashCount = null)

Method sets log2 number of iterations for password stretching.

Parameters
int$hashCount‪log2 number of iterations for password stretching to set
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 427 of file PhpassPasswordHash.php.

◆ setMaxHashCount()

TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::setMaxHashCount ( int  $maxHashCount = null)

Method sets maximum allowed log2 number of iterations for password stretching.

Parameters
int$maxHashCount‪Maximum allowed log2 number of iterations for password stretching to set
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 441 of file PhpassPasswordHash.php.

◆ setMinHashCount()

TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::setMinHashCount ( int  $minHashCount = null)

Method sets minimum allowed log2 number of iterations for password stretching.

Parameters
int$minHashCount‪Minimum allowed log2 number of iterations for password stretching to set
Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 453 of file PhpassPasswordHash.php.

Member Data Documentation

◆ $deprecatedPublicMethods

array TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::$deprecatedPublicMethods
private
Initial value:
= array(
'isValidSalt' => 'Using PhpassPasswordHash::isValidSalt() is deprecated and will not be possible anymore in TYPO3 v10.0.',
'base64Encode' => 'Using PhpassPasswordHash::base64Encode() is deprecated and will not be possible anymore in TYPO3 v10.0.',
)

Definition at line 39 of file PhpassPasswordHash.php.

◆ $options

array TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::$options
protected
Initial value:
= array(
'hash_count' => 14
)

The default log2 number of iterations for password stretching.

Definition at line 51 of file PhpassPasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\__construct().

◆ HASH_COUNT

const TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::HASH_COUNT = 14

The default log2 number of iterations for password stretching.

Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 68 of file PhpassPasswordHash.php.

◆ ITOA64

const TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'

Keeps a string for mapping an int to the corresponding base 64 character.

Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 61 of file PhpassPasswordHash.php.

◆ MAX_HASH_COUNT

const TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::MAX_HASH_COUNT = 24

The default maximum allowed log2 number of iterations for password stretching.

Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 76 of file PhpassPasswordHash.php.

◆ MIN_HASH_COUNT

const TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::MIN_HASH_COUNT = 7

The default minimum allowed log2 number of iterations for password stretching.

Deprecated:
‪and will be removed in TYPO3 v10.0.

Definition at line 84 of file PhpassPasswordHash.php.

◆ PREFIX

const TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash::PREFIX = '$P$'
protected

Prefix for the password hash.

Definition at line 47 of file PhpassPasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\PhpassPasswordHash\getSetting().