‪TYPO3CMS  ‪main
TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash Class Reference
Inheritance diagram for TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash:
TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface

Public Member Functions

 __construct (array $options=[])
 
bool checkPassword (string $plainPW, string $saltedHashPW)
 
bool isAvailable ()
 
 getHashedPassword (string $password)
 
bool isValidSaltedPW (string $saltedPW)
 
bool isHashUpdateNeeded (string $saltedPW)
 

Protected Member Functions

int null getIterationCount (string $setting)
 
string null getHashedPasswordInternal (string $password, ?string $salt=null)
 
string getGeneratedSalt ()
 
 getStoredSalt (string $salt)
 
string getItoa64 ()
 
bool isValidSalt (string $salt)
 
int getLengthBase64FromBytes (int $byteLength)
 
string base64Encode (string $input, int $count)
 
 base64Decode (string $value)
 

Protected Attributes

const PREFIX = '$pbkdf2-sha256$'
 
array $options
 

Detailed Description

Class that implements PBKDF2 salted hashing based on PHP's hash_pbkdf2() function.

Definition at line 27 of file Pbkdf2PasswordHash.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::__construct ( array  $options = [])

Constructor sets options if given

Definition at line 43 of file Pbkdf2PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\$options.

Member Function Documentation

◆ base64Decode()

TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::base64Decode ( string  $value)
protected

Adapted version of base64_encoding for compatibility with python passlib. The output of this function is is identical to base64_encode, except that it uses . instead of +, and omits trailing padding = and whitespace.

Definition at line 274 of file Pbkdf2PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getStoredSalt().

◆ base64Encode()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::base64Encode ( string  $input,
int  $count 
)
protected

Adapted version of base64_encoding for compatibility with python passlib. The output of this function is is identical to base64_encode, except that it uses . instead of +, and omits trailing padding = and whitespace.

Parameters
string$input‪The string containing bytes to encode.
int$count‪The number of characters (bytes) to encode.
Returns
‪string Encoded string

Definition at line 264 of file Pbkdf2PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getHashedPasswordInternal().

◆ checkPassword()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::checkPassword ( string  $plainPW,
string  $saltedHashPW 
)

Method checks if a given plaintext password is correct by comparing it with a given salted hashed password.

Parameters
string$plainPW‪plain-text password to compare with salted hash
string$saltedHashPW‪salted hash to compare plain-text password with
Returns
‪bool TRUE, if plain-text password matches the salted hash, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 66 of file Pbkdf2PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getHashedPasswordInternal(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\isValidSalt().

◆ getGeneratedSalt()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getGeneratedSalt ( )
protected

Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.

Proper use of salts may defeat a number of attacks, including:

  • ‪The ability to try candidate passwords against multiple hashes at once.
  • ‪The ability to use pre-hashed lists of candidate passwords.
  • ‪The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.
Returns
‪string A character string containing settings and a random salt

Definition at line 183 of file Pbkdf2PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getHashedPasswordInternal().

◆ getHashedPassword()

TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getHashedPassword ( string  $password)

Method creates a hash for a given plaintext password

Parameters
string$password‪Plaintext password to create a hash from
Returns
‪string|null Hashed password or null on empty password

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 81 of file Pbkdf2PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getHashedPasswordInternal().

◆ getHashedPasswordInternal()

string null TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getHashedPasswordInternal ( string  $password,
?string  $salt = null 
)
protected

◆ getIterationCount()

int null TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getIterationCount ( string  $setting)
protected

Parses the log2 iteration count from a stored hash or setting string.

Parameters
string$setting‪Complete hash or a hash's setting string or to get log2 iteration count from
Returns
‪int|null Used hashcount for given hash string

Definition at line 128 of file Pbkdf2PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getHashedPasswordInternal(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\isHashUpdateNeeded().

◆ getItoa64()

string TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getItoa64 ( )
protected

Returns a string for mapping an int to the corresponding base 64 character.

Returns
‪string String for mapping an int to the corresponding base 64 character

Definition at line 208 of file Pbkdf2PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\isValidSalt().

◆ getLengthBase64FromBytes()

int TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getLengthBase64FromBytes ( int  $byteLength)
protected

Method determines required length of base64 characters for a given length of a byte string.

Parameters
int$byteLength‪Length of bytes to calculate in base64 chars
Returns
‪int Required length of base64 characters

Definition at line 250 of file Pbkdf2PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\isValidSalt().

◆ getStoredSalt()

TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::getStoredSalt ( string  $salt)
protected

Parses the salt out of a salt string including settings. If the salt does not include settings it is returned unmodified.

Definition at line 192 of file Pbkdf2PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\base64Decode(), and TYPO3\CMS\Core\Utility\GeneralUtility\trimExplode().

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getHashedPasswordInternal().

◆ isAvailable()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::isAvailable ( )

Returns whether all prerequisites for the hashing methods are matched

Returns
‪bool Method available

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 76 of file Pbkdf2PasswordHash.php.

◆ isHashUpdateNeeded()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::isHashUpdateNeeded ( string  $saltedPW)

Checks whether a user's hashed password needs to be replaced with a new hash.

This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable $this->options['hashCount'].

Parameters
string$saltedPW‪Salted hash to check if it needs an update
Returns
‪bool TRUE if salted hash needs an update, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 111 of file Pbkdf2PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\getIterationCount(), and TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\isValidSalt().

◆ isValidSalt()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::isValidSalt ( string  $salt)
protected

◆ isValidSaltedPW()

bool TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::isValidSaltedPW ( string  $saltedPW)

Method determines if a given string is a valid salted hashed password.

Parameters
string$saltedPW‪String to check
Returns
‪bool TRUE if it's valid salted hashed password, otherwise FALSE

Implements TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashInterface.

Definition at line 92 of file Pbkdf2PasswordHash.php.

References TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\isValidSalt().

Member Data Documentation

◆ $options

array TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::$options
protected
Initial value:
= array(
'hash_count' => 25000,
)

The default log2 number of iterations for password stretching.

Definition at line 36 of file Pbkdf2PasswordHash.php.

Referenced by TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash\__construct().

◆ PREFIX

const TYPO3\CMS\Core\Crypto\PasswordHashing\Pbkdf2PasswordHash::PREFIX = '$pbkdf2-sha256$'
protected

Prefix for the password hash.

Definition at line 32 of file Pbkdf2PasswordHash.php.