TYPO3CMS main
TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash Class Reference
Inheritance diagram for TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash:
TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface

Public Member Functions

 __construct (array $options=[])
 
 isAvailable ()
 
 checkPassword (string $plainPW, string $saltedHashPW)
 
 getHashedPassword (string $password)
 
bool isValidSaltedPW (string $saltedPW)
 
bool isHashUpdateNeeded (string $passString)
 

Protected Member Functions

 processPlainPassword (string $password)
 
 isValidBcryptCost (int $cost)
 

Protected Attributes

const PREFIX = '$2y$'
 
array $options
 

Detailed Description

This class implements the 'bcrypt' flavour of the PHP password API.

Hashes are identified by the prefix '$2y$'.

To work around the limitations of bcrypt (it accepts no more than 72 characters and truncates on NUL bytes), the plain password is pre-hashed before the actual password hash is generated or verified.

See also
PASSWORD_BCRYPT in https://secure.php.net/manual/en/password.constants.php

Definition at line 31 of file BcryptPasswordHash.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash::__construct ( array  $options = [])

Member Function Documentation

◆ checkPassword()

TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash::checkPassword ( string  $plainPW,
string  $saltedHashPW 
)

Checks if a given plaintext password is correct by comparing it with a given salted hashed password.

Parameters
string $plainPW: Plain-text password to compare with the salted hash
string $saltedHashPW: Salted hash to compare the plain-text password with

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 83 of file BcryptPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\processPlainPassword().

◆ getHashedPassword()

TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash::getHashedPassword ( string  $password)

◆ isAvailable()

TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash::isAvailable ( )

bcrypt is always available in PHP core hash functions.

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 71 of file BcryptPasswordHash.php.

◆ isHashUpdateNeeded()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash::isHashUpdateNeeded ( string  $passString)

Checks whether a user's hashed password needs to be replaced with a new hash.

Parameters
string $passString: Salted hash to check if it needs an update
Returns
bool TRUE if salted hash needs an update, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 131 of file BcryptPasswordHash.php.

Referenced by TYPO3\CMS\Core\Tests\Unit\Crypto\PasswordHashing\BcryptPasswordHashTest\isHashUpdateNeededReturnsTrueForHashGeneratedWithOldOptions().

◆ isValidBcryptCost()

TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash::isValidBcryptCost ( int  $cost)
protected

◆ isValidSaltedPW()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash::isValidSaltedPW ( string  $saltedPW)

Determines if a given string is a valid salted hashed password.

Parameters
string $saltedPW: String to check
Returns
bool TRUE if it is a valid salted hashed password, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 110 of file BcryptPasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\isValidBcryptCost().

◆ processPlainPassword()

TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash::processPlainPassword ( string  $password)
protected

The plain password is hashed with sha384 and the result is base64 encoded. This produces a 64-character input for the password_* functions, which has some advantages:

  1. It is close to the bcrypt maximum of 72 characters
  2. base64 never produces NUL bytes (bcrypt truncates on NUL bytes)
  3. sha384 is resistant to length extension attacks

Definition at line 144 of file BcryptPasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\checkPassword(), and TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\getHashedPassword().
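The effect of the pre-hash described above, shown as an added example that is not TYPO3's own code. `prehashForBcrypt()` and `show()` are hypothetical helpers written from the description (sha384, then base64), and all sample passwords are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper written from the description above (sha384, then base64);
// it is not copied from BcryptPasswordHash.php.
function prehashForBcrypt(string $password): string
{
    // The raw sha384 digest is 48 bytes; base64 of 48 bytes is 64 characters, no padding.
    return base64_encode(hash('sha384', $password, true));
}

function show(string $label, bool $value): void
{
    printf("%-56s %s\n", $label, $value ? 'true' : 'false');
}

$options = ['cost' => 12]; // the default cost documented on this page

// Constructed sample passwords: identical for the first 72 bytes, different after that.
$common = str_repeat('a', 72);
$pwA = $common . 'first-suffix';
$pwB = $common . 'second-suffix';

// Plain bcrypt reads only the first 72 bytes, so both passwords map to the same input.
$plainHash = password_hash($pwA, PASSWORD_BCRYPT, $options);
show('plain bcrypt: other long password verifies:', password_verify($pwB, $plainHash));

// With the pre-hash, bcrypt receives two different 64-character strings.
$hash = password_hash(prehashForBcrypt($pwA), PASSWORD_BCRYPT, $options);
show('pre-hashed: stored hash starts with $2y$:', str_starts_with($hash, '$2y$'));
show('pre-hashed: correct password verifies:', password_verify(prehashForBcrypt($pwA), $hash));
show('pre-hashed: other long password verifies:', password_verify(prehashForBcrypt($pwB), $hash));

// Constructed inputs that differ only after a NUL byte. The pre-hash output is
// base64 text, so bcrypt never receives a NUL and the tails still count.
$nulA = prehashForBcrypt("secret\0tail-one");
$nulB = prehashForBcrypt("secret\0tail-two");
show('pre-hash output is 64 characters:', strlen($nulA) === 64);
show('pre-hash output contains a NUL byte:', str_contains($nulA, "\0"));
show('inputs differing after the NUL give the same pre-hash:', $nulA === $nulB);
```

Run it with the PHP CLI on PHP 8.0 or later, which is needed for `str_contains()` and `str_starts_with()`.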

Member Data Documentation

◆ $options

array TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash::$options
protected
Initial value:
= array(
    'cost' => 12,
)

Raises the cost above the PHP default (10). At the time of this writing, this leads to 150-200 ms of computing time on a typical i7 CPU.

Definition at line 43 of file BcryptPasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash\__construct().

◆ PREFIX

const TYPO3\CMS\Core\Crypto\PasswordHashing\BcryptPasswordHash::PREFIX = '$2y$'
protected

Prefix for the password hash

Definition at line 36 of file BcryptPasswordHash.php.