PhpassPasswordHash implements PasswordHashInterface

Class that implements PHPass salted hashing based on Drupal's modified Openwall implementation.

Derived from Drupal CMS. Original license: GNU General Public License (GPL)

PHPass should work on every system.

Tags
see
http://drupal.org/node/29706/
see
http://www.openwall.com/phpass/

Table of Contents

Interfaces

PasswordHashInterface
Interface with public methods needed to be implemented in a salting hashing class.

Constants

PREFIX  = '$P$'
Prefix for the password hash.

Properties

$options  : array<string|int, mixed>

Methods

__construct()  : mixed
Constructor sets options if given
checkPassword()  : bool
Method checks if a given plaintext password is correct by comparing it with a given salted hashed password.
getHashedPassword()  : string|null
Method creates a hash for a given plaintext password
isAvailable()  : bool
Returns whether all prerequisites for the hashing methods are matched
isHashUpdateNeeded()  : bool
Checks whether a user's hashed password needs to be replaced with a new hash.
isValidSaltedPW()  : bool
Method determines if a given string is a valid salted hashed password.
applySettingsToSalt()  : string
Method applies settings (prefix, hash count) to a salt.
base64Encode()  : string
Encodes bytes into printable base 64 using the *nix standard from crypt().
cryptPassword()  : mixed
Hashes a password using a secure stretched hash.
getCountLog2()  : int
Parses the log2 iteration count from a stored hash or setting string.
getGeneratedSalt()  : string
Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.
getItoa64()  : string
Returns a string for mapping an int to the corresponding base 64 character.
getLengthBase64FromBytes()  : int
Method determines required length of base64 characters for a given length of a byte string.
isValidSalt()  : bool
Method determines if a given string is a valid salt.

Constants

PREFIX

Prefix for the password hash.

protected mixed PREFIX = '$P$'

Properties

$options

protected array<string|int, mixed> $options = ['hash_count' => 14]

The default log2 number of iterations for password stretching.

Methods

__construct()

Constructor sets options if given

public __construct([array<string|int, mixed> $options = [] ]) : mixed
Parameters
$options : array<string|int, mixed> = []

checkPassword()

Method checks if a given plaintext password is correct by comparing it with a given salted hashed password.

public checkPassword(string $plainPW, string $saltedHashPW) : bool
Parameters
$plainPW : string

Plain-text password to compare with salted hash

$saltedHashPW : string

Salted hash to compare plain-text password with

Return values
bool

TRUE, if plain-text password matches the salted hash, otherwise FALSE

getHashedPassword()

Method creates a hash for a given plaintext password

public getHashedPassword(string $password) : string|null
Parameters
$password : string

Plaintext password to create a hash from

Return values
string|null

Hashed password or null on empty password

isAvailable()

Returns whether all prerequisites for the hashing methods are matched

public isAvailable() : bool
Return values
bool

Whether the method is available

isHashUpdateNeeded()

Checks whether a user's hashed password needs to be replaced with a new hash.

public isHashUpdateNeeded(string $passString) : bool

This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable $hashCount or HASH_COUNT.

Parameters
$passString : string

Salted hash to check if it needs an update

Return values
bool

TRUE if salted hash needs an update, otherwise FALSE

isValidSaltedPW()

Method determines if a given string is a valid salted hashed password.

public isValidSaltedPW(string $saltedPW) : bool
Parameters
$saltedPW : string

String to check

Return values
bool

TRUE if it's a valid salted hashed password, otherwise FALSE

applySettingsToSalt()

Method applies settings (prefix, hash count) to a salt.

protected applySettingsToSalt(string $salt) : string
Parameters
$salt : string

A salt to apply settings to

Return values
string

Salt with settings applied

base64Encode()

Encodes bytes into printable base 64 using the *nix standard from crypt().

protected base64Encode(string $input, int $count) : string
Parameters
$input : string

The string containing bytes to encode.

$count : int

The number of characters (bytes) to encode.

Return values
string

Encoded string

cryptPassword()

Hashes a password using a secure stretched hash.

protected cryptPassword(string $password, string $setting) : mixed

By using a salt and repeated hashing the password is "stretched". Its security is increased because it becomes much more computationally costly for an attacker to try to break the hash by brute-force computation of the hashes of a large number of plain-text words or strings to find a match.

Parameters
$password : string

Plain-text password to hash

$setting : string

An existing hash or the output of getGeneratedSalt()

Return values
mixed

A string containing the hashed password (and salt)

getCountLog2()

Parses the log2 iteration count from a stored hash or setting string.

protected getCountLog2(string $setting) : int
Parameters
$setting : string

Complete hash or a hash's setting string to get the log2 iteration count from

Return values
int

Hash count used for the given hash string
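
The setting string, stretching loop and iteration-count parsing described for cryptPassword(), getCountLog2() and isHashUpdateNeeded(), as an added stand-alone example of the Openwall phpass "portable" scheme that the `$P$` prefix denotes. It is not TYPO3's own code: the function names, the 7..30 bounds and the sample password are assumptions of this example, and MD5 is the digest Openwall's portable hashes use (the page itself does not name the digest).

```php
<?php
// Added example, not TYPO3 code: Openwall phpass "portable" ($P$) hashing.
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// crypt()-style base 64: emits 6 bits at a time, least significant bits first.
function encode64(string $in, int $count): string {
    $map = ITOA64; $out = ''; $i = 0;
    do {
        $v = ord($in[$i++]);
        $out .= $map[$v & 0x3f];
        if ($i < $count) { $v |= ord($in[$i]) << 8; }
        $out .= $map[($v >> 6) & 0x3f];
        if ($i++ >= $count) { break; }
        if ($i < $count) { $v |= ord($in[$i]) << 16; }
        $out .= $map[($v >> 12) & 0x3f];
        if ($i++ >= $count) { break; }
        $out .= $map[($v >> 18) & 0x3f];
    } while ($i < $count);
    return $out;
}
// Setting = "$P$" + one character encoding log2(iterations) + 8 salt characters.
function newSetting(int $log2): string {
    return '$P$' . substr(ITOA64, $log2, 1) . encode64(random_bytes(6), 6);
}

// Returns the 34-character hash, or null if the setting string is malformed.
function phpassHash(string $password, string $setting): ?string {
    if (strlen($setting) < 12 || strncmp($setting, '$P$', 3) !== 0) { return null; }
    $log2 = strpos(ITOA64, $setting[3]);          // what getCountLog2() parses
    if ($log2 === false || $log2 < 7 || $log2 > 30) { return null; } // assumed bounds
    $count = 1 << $log2;
    $hash = md5(substr($setting, 4, 8) . $password, true);
    do {
        $hash = md5($hash . $password, true);     // stretching: 2^log2 more rounds
    } while (--$count);
    return substr($setting, 0, 12) . encode64($hash, 16);
}
function check(string $plain, string $stored): bool {
    $calc = phpassHash($plain, $stored);
    return $calc !== null && hash_equals($stored, $calc); // constant-time compare
}
// Rehash at login when the stored cost differs from the configured one.
function needsUpdate(string $stored, int $wantLog2): bool {
    return strlen($stored) !== 34 || strpos(ITOA64, $stored[3]) !== $wantLog2;
}

$stored = phpassHash('correct horse', newSetting(10)); // constructed sample
var_dump(check('correct horse', $stored), check('wrong', $stored), needsUpdate($stored, 14));
```

Because the cost and salt travel inside the stored string, verification needs no other state, and a hash created at a lower count is detected by reading a single character.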

getGeneratedSalt()

Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.

protected getGeneratedSalt() : string

Proper use of salts may defeat a number of attacks, including:

  • The ability to try candidate passwords against multiple hashes at once.
  • The ability to use pre-hashed lists of candidate passwords.
  • The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.
Return values
string

A character string containing settings and a random salt

getItoa64()

Returns a string for mapping an int to the corresponding base 64 character.

protected getItoa64() : string
Return values
string

String for mapping an int to the corresponding base 64 character

getLengthBase64FromBytes()

Method determines required length of base64 characters for a given length of a byte string.

protected getLengthBase64FromBytes(int $byteLength) : int
Parameters
$byteLength : int

Length in bytes to convert into a number of base64 characters

Return values
int

Required length of base64 characters

isValidSalt()

Method determines if a given string is a valid salt.

protected isValidSalt(string $salt) : bool
Parameters
$salt : string

String to check

Return values
bool

TRUE if it's a valid salt, otherwise FALSE


        