TYPO3 CMS  TYPO3_6-2
TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt Class Reference
Inheritance diagram for TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt:
TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt TYPO3\CMS\Saltedpasswords\Salt\SaltInterface tx_saltedpasswords_salts_phpass

Public Member Functions

 checkPassword ($plainPW, $saltedHashPW)
 
 isAvailable ()
 
 getHashCount ()
 
 getHashedPassword ($password, $salt=NULL)
 
 getMaxHashCount ()
 
 getMinHashCount ()
 
 getSaltLength ()
 
 getSetting ()
 
 isHashUpdateNeeded ($passString)
 
 isValidSalt ($salt)
 
 isValidSaltedPW ($saltedPW)
 
 setHashCount ($hashCount=NULL)
 
 setMaxHashCount ($maxHashCount=NULL)
 
 setMinHashCount ($minHashCount=NULL)
 
Public Member Functions inherited from TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt
 base64Encode ($input, $count)
 

Public Attributes

const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
 
const HASH_COUNT = 14
 
const MAX_HASH_COUNT = 24
 
const MIN_HASH_COUNT = 7
 

Protected Member Functions

 applySettingsToSalt ($salt)
 
 cryptPassword ($password, $setting)
 
 getCountLog2 ($setting)
 
 getGeneratedSalt ()
 
 getItoa64 ()
 
Protected Member Functions inherited from TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt
 applySettingsToSalt ($salt)
 
 getGeneratedSalt ()
 
 getItoa64 ()
 
 getSetting ()
 
 getLengthBase64FromBytes ($byteLength)
 

Static Protected Attributes

static $hashCount
 
static $maxHashCount
 
static $minHashCount
 
static $saltLengthPhpass = 6
 
static $settingPhpass = '$P$'
 

Detailed Description

This file is part of the TYPO3 CMS project.

It is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, either version 2 of the License, or any later version.

For the full copyright and license information, please read the LICENSE.txt file that was distributed with this source code.

The TYPO3 project - inspiring people to share!

Class that implements PHPass salted hashing based on Drupal's modified Openwall implementation.

Derived from Drupal CMS; original license: GNU General Public License (GPL).

PHPass should work on every system.

Author
Marcus Krause <marcus::exp2009.info>
See also
http://drupal.org/node/29706/
http://www.openwall.com/phpass/

Definition at line 30 of file PhpassSalt.php.

Member Function Documentation

◆ applySettingsToSalt()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::applySettingsToSalt (   $salt)
protected

◆ checkPassword()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::checkPassword (   $plainPW,
  $saltedHashPW 
)

Method checks if a given plaintext password is correct by comparing it with a given salted hashed password.

Parameters
string $plainPW: Plain-text password to compare with salted hash
string $saltedHashPW: Salted hash to compare plain-text password with
Returns
boolean TRUE, if plain-text password matches the salted hash, otherwise FALSE

Implements TYPO3\CMS\Saltedpasswords\Salt\SaltInterface.

Definition at line 119 of file PhpassSalt.php.

References TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\cryptPassword().

◆ cryptPassword()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::cryptPassword (   $password,
  $setting 
)
protected

Hashes a password using a secure stretched hash.

By using a salt and repeated hashing the password is "stretched". Its security is increased because it becomes much more computationally costly for an attacker to try to break the hash by brute-force computation of the hashes of a large number of plain-text words or strings to find a match.

Parameters
string $password: Plain-text password to hash
string $setting: An existing hash or the output of getGeneratedSalt()
Returns
mixed A string containing the hashed password (and salt)

Definition at line 145 of file PhpassSalt.php.

References TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt\base64Encode(), TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\getCountLog2(), TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt\getLengthBase64FromBytes(), TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\getMaxHashCount(), TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\getMinHashCount(), TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\getSaltLength(), and TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\getSetting().

Referenced by TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\checkPassword(), and TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\getHashedPassword().

◆ getCountLog2()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::getCountLog2 (   $setting)
protected

Parses the log2 iteration count from a stored hash or setting string.

Parameters
string $setting: Complete hash or a hash's setting string to get the log2 iteration count from
Returns
integer Used hashcount for given hash string

Definition at line 177 of file PhpassSalt.php.

References TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\getItoa64(), and TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\getSetting().

Referenced by TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\cryptPassword(), and TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\isHashUpdateNeeded().

◆ getGeneratedSalt()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::getGeneratedSalt ( )
protected

Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.

Proper use of salts may defeat a number of attacks, including:

  • The ability to try candidate passwords against multiple hashes at once.
  • The ability to use pre-hashed lists of candidate passwords.
  • The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.
Returns
string A character string containing settings and a random salt

Definition at line 192 of file PhpassSalt.php.

References TYPO3\CMS\Saltedpasswords\Salt\AbstractSalt\base64Encode(), TYPO3\CMS\Core\Utility\GeneralUtility\generateRandomBytes(), and TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\getSaltLength().

Referenced by TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\getHashedPassword().

◆ getHashCount()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::getHashCount ( )

Method returns log2 number of iterations for password stretching.

Returns
integer log2 number of iterations for password stretching
See also
HASH_COUNT
$hashCount
setHashCount()

Definition at line 205 of file PhpassSalt.php.

Referenced by TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\applySettingsToSalt(), and TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\isHashUpdateNeeded().

◆ getHashedPassword()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::getHashedPassword (   $password,
  $salt = NULL 
)

Method creates a salted hash for a given plaintext password.

Parameters
string $password: Plaintext password to create a salted hash from
string $salt: Optional custom salt with setting to use
Returns
string salted hashed password

Implements TYPO3\CMS\Saltedpasswords\Salt\SaltInterface.

Definition at line 216 of file PhpassSalt.php.

References TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\applySettingsToSalt(), TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\cryptPassword(), TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\getGeneratedSalt(), and TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\isValidSalt().

◆ getItoa64()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::getItoa64 ( )
protected

Returns a string for mapping an int to the corresponding base 64 character.

Returns
string String for mapping an int to the corresponding base 64 character

Definition at line 232 of file PhpassSalt.php.

Referenced by TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\applySettingsToSalt(), TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\getCountLog2(), and TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\isValidSalt().

◆ getMaxHashCount()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::getMaxHashCount ( )

Method returns maximum allowed log2 number of iterations for password stretching.

Returns
integer Maximum allowed log2 number of iterations for password stretching
See also
MAX_HASH_COUNT
$maxHashCount
setMaxHashCount()

Definition at line 244 of file PhpassSalt.php.

Referenced by TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\cryptPassword(), and TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\setHashCount().

◆ getMinHashCount()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::getMinHashCount ( )

Method returns minimum allowed log2 number of iterations for password stretching.

Returns
integer Minimum allowed log2 number of iterations for password stretching
See also
MIN_HASH_COUNT
$minHashCount
setMinHashCount()

Definition at line 256 of file PhpassSalt.php.

Referenced by TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\cryptPassword(), and TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\setHashCount().

◆ getSaltLength()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::getSaltLength ( )

◆ getSetting()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::getSetting ( )

◆ isAvailable()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::isAvailable ( )

Returns whether all prerequisites for the hashing methods are matched.

Returns
boolean Method available

Implements TYPO3\CMS\Saltedpasswords\Salt\SaltInterface.

Definition at line 129 of file PhpassSalt.php.

◆ isHashUpdateNeeded()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::isHashUpdateNeeded (   $passString)

Checks whether a user's hashed password needs to be replaced with a new hash.

This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable $hashCount or HASH_COUNT or if the user's password hash was generated in a bulk update with class ext_update.

Parameters
string $passString: Salted hash to check if it needs an update
Returns
boolean TRUE if salted hash needs an update, otherwise FALSE

Implements TYPO3\CMS\Saltedpasswords\Salt\SaltInterface.

Definition at line 290 of file PhpassSalt.php.

References TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\getCountLog2(), and TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\getHashCount().
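
The stretching described for cryptPassword() and the upgrade check described here meet in the login flow. The standalone PHP (7.1+) example below is added for illustration and is not code from TYPO3 or this class; it follows the Openwall portable-hash scheme (iterated MD5) the class is derived from. The names countLog2() and loginAndUpgrade(), the inlined bounds check, and the use of hash_equals() and random_bytes() are assumptions of the example.

```php
<?php
// Added illustration, not TYPO3 source. Constants are the defaults listed on this page.
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
const HASH_COUNT = 14;
const MIN_HASH_COUNT = 7;
const MAX_HASH_COUNT = 24;
// phpass-style base64: 6-bit groups, least significant first, over ITOA64.
function encode64(string $in, int $count): string {
    $out = ''; $i = 0;
    do {
        $v = ord($in[$i++]);
        $out .= ITOA64[$v & 0x3f];
        if ($i < $count) { $v |= ord($in[$i]) << 8; }
        $out .= ITOA64[($v >> 6) & 0x3f];
        if ($i++ >= $count) { break; }
        if ($i < $count) { $v |= ord($in[$i]) << 16; }
        $out .= ITOA64[($v >> 12) & 0x3f];
        if ($i++ >= $count) { break; }
        $out .= ITOA64[($v >> 18) & 0x3f];
    } while ($i < $count);
    return $out;
}
// Cost exponent from the character after '$P$'; null if malformed or out of bounds.
function countLog2(string $stored): ?int {
    if (strlen($stored) < 12 || strncmp($stored, '$P$', 3) !== 0) { return null; }
    $c = strpos(ITOA64, $stored[3]);
    return ($c === false || $c < MIN_HASH_COUNT || $c > MAX_HASH_COUNT) ? null : $c;
}
// Stretching: one salted MD5, then 2^log2 further rounds that each mix in the password.
function cryptPassword(string $password, string $setting): ?string {
    $log2 = countLog2($setting);
    if ($log2 === null) { return null; }
    $hash = md5(substr($setting, 4, 8) . $password, true);
    for ($n = 1 << $log2; $n > 0; $n--) {
        $hash = md5($hash . $password, true);
    }
    return substr($setting, 0, 12) . encode64($hash, 16);
}
// Hypothetical login helper: verify, then re-create the hash if its cost is below HASH_COUNT.
function loginAndUpgrade(string $plain, string $stored): array {
    $computed = cryptPassword($plain, $stored);
    if ($computed === null || !hash_equals($stored, $computed)) { return [false, $stored]; }
    if (countLog2($stored) >= HASH_COUNT) { return [true, $stored]; }
    return [true, cryptPassword($plain, '$P$' . ITOA64[HASH_COUNT] . encode64(random_bytes(6), 6))];
}
// Constructed sample: a hash created at the minimum cost is upgraded on a correct login.
$old = cryptPassword('correct horse', '$P$' . ITOA64[MIN_HASH_COUNT] . encode64(random_bytes(6), 6));
[$ok, $new] = loginAndUpgrade('correct horse', $old);
var_dump($ok, countLog2($old), countLog2($new), loginAndUpgrade('wrong password', $old)[0]);
```

The upgrade can only happen at login because the plain-text password is needed to compute the new hash; a failed login returns the stored hash unchanged.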

◆ isValidSalt()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::isValidSalt (   $salt)

◆ isValidSaltedPW()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::isValidSaltedPW (   $saltedPW)

Method determines if a given string is a valid salted hashed password.

Parameters
string $saltedPW: String to check
Returns
boolean TRUE if it's a valid salted hashed password, otherwise FALSE

Implements TYPO3\CMS\Saltedpasswords\Salt\SaltInterface.

Definition at line 334 of file PhpassSalt.php.

References TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\getSetting(), and TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\isValidSalt().

◆ setHashCount()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::setHashCount (   $hashCount = NULL)

Method sets log2 number of iterations for password stretching.

Parameters
integer $hashCount: log2 number of iterations for password stretching to set
See also
HASH_COUNT
$hashCount
getHashCount()

Definition at line 351 of file PhpassSalt.php.

References TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\$hashCount, TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\getMaxHashCount(), and TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\getMinHashCount().

◆ setMaxHashCount()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::setMaxHashCount (   $maxHashCount = NULL)

Method sets maximum allowed log2 number of iterations for password stretching.

Parameters
integer $maxHashCount: Maximum allowed log2 number of iterations for password stretching to set
See also
MAX_HASH_COUNT
$maxHashCount
getMaxHashCount()

Definition at line 363 of file PhpassSalt.php.

References TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\$maxHashCount.

◆ setMinHashCount()

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::setMinHashCount (   $minHashCount = NULL)

Method sets minimum allowed log2 number of iterations for password stretching.

Parameters
integer $minHashCount: Minimum allowed log2 number of iterations for password stretching to set
See also
MIN_HASH_COUNT
$minHashCount
getMinHashCount()

Definition at line 375 of file PhpassSalt.php.

References TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt\$minHashCount.

Member Data Documentation

◆ $hashCount

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::$hashCount
static protected

◆ $maxHashCount

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::$maxHashCount
static protected

◆ $minHashCount

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::$minHashCount
static protected

◆ $saltLengthPhpass

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::$saltLengthPhpass = 6
static protected

Definition at line 80 of file PhpassSalt.php.

◆ $settingPhpass

TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::$settingPhpass = '$P$'
static protected

Definition at line 87 of file PhpassSalt.php.

◆ HASH_COUNT

const TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::HASH_COUNT = 14

The default log2 number of iterations for password stretching.

Definition at line 40 of file PhpassSalt.php.

◆ ITOA64

const TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'

Keeps a string for mapping an int to the corresponding base 64 character.

Definition at line 36 of file PhpassSalt.php.

◆ MAX_HASH_COUNT

const TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::MAX_HASH_COUNT = 24

The default maximum allowed log2 number of iterations for password stretching.

Definition at line 45 of file PhpassSalt.php.

◆ MIN_HASH_COUNT

const TYPO3\CMS\Saltedpasswords\Salt\PhpassSalt::MIN_HASH_COUNT = 7

The default minimum allowed log2 number of iterations for password stretching.

Definition at line 50 of file PhpassSalt.php.