Pbkdf2PasswordHash implements PasswordHashInterface

Class that implements PBKDF2 salted hashing based on PHP's hash_pbkdf2() function.

Table of Contents

Interfaces

PasswordHashInterface
Interface with public methods needed to be implemented in a salting hashing class.

Constants

PREFIX  = '$pbkdf2-sha256$'
Prefix for the password hash.

Properties

$options  : array<string|int, mixed>

Methods

__construct()  : mixed
Constructor sets options if given
checkPassword()  : bool
Method checks if a given plaintext password is correct by comparing it with a given salted hashed password.
getHashedPassword()  : string|null
Method creates a hash for a given plaintext password
isAvailable()  : bool
Returns whether all prerequisites for the hashing methods are matched
isHashUpdateNeeded()  : bool
Checks whether a user's hashed password needs to be replaced with a new hash.
isValidSaltedPW()  : bool
Method determines if a given string is a valid salted hashed password.
base64Decode()  : string
Adapted version of base64_encoding for compatibility with Python passlib. The output of this function is identical to base64_encode, except that it uses . instead of +, and omits trailing padding = and whitespace.
base64Encode()  : string
Adapted version of base64_encoding for compatibility with Python passlib. The output of this function is identical to base64_encode, except that it uses . instead of +, and omits trailing padding = and whitespace.
getGeneratedSalt()  : string
Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.
getHashedPasswordInternal()  : string|null
Method creates a salted hash for a given plaintext password
getIterationCount()  : int|null
Parses the log2 iteration count from a stored hash or setting string.
getItoa64()  : string
Returns a string for mapping an int to the corresponding base 64 character.
getLengthBase64FromBytes()  : int
Method determines required length of base64 characters for a given length of a byte string.
getStoredSalt()  : string
Parses the salt out of a salt string including settings. If the salt does not include settings it is returned unmodified.
isValidSalt()  : bool
Method determines if a given string is a valid salt.

Constants

PREFIX

Prefix for the password hash.

protected mixed PREFIX = '$pbkdf2-sha256$'

Properties

$options

protected array<string|int, mixed> $options = ['hash_count' => 25000]

The default log2 number of iterations for password stretching.

Methods

__construct()

Constructor sets options if given

public __construct([array<string|int, mixed> $options = [] ]) : mixed
Parameters
$options : array<string|int, mixed> = []

checkPassword()

Method checks if a given plaintext password is correct by comparing it with a given salted hashed password.

public checkPassword(string $plainPW, string $saltedHashPW) : bool
Parameters
$plainPW : string

plain-text password to compare with salted hash

$saltedHashPW : string

salted hash to compare plain-text password with

Return values
bool

TRUE, if plain-text password matches the salted hash, otherwise FALSE

getHashedPassword()

Method creates a hash for a given plaintext password

public getHashedPassword(string $password) : string|null
Parameters
$password : string

Plaintext password to create a hash from

Return values
string|null

Hashed password or null on empty password

isAvailable()

Returns whether all prerequisites for the hashing methods are matched

public isAvailable() : bool
Return values
bool

Method available

isHashUpdateNeeded()

Checks whether a user's hashed password needs to be replaced with a new hash.

public isHashUpdateNeeded(string $saltedPW) : bool

This is typically called during the login process, when the plain-text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable $this->options['hash_count'].

Parameters
$saltedPW : string

Salted hash to check if it needs an update

Return values
bool

TRUE if salted hash needs an update, otherwise FALSE

isValidSaltedPW()

Method determines if a given string is a valid salted hashed password.

public isValidSaltedPW(string $saltedPW) : bool
Parameters
$saltedPW : string

String to check

Return values
bool

TRUE if it's a valid salted hashed password, otherwise FALSE

base64Decode()

Adapted version of base64_encoding for compatibility with Python passlib. The output of this function is identical to base64_encode, except that it uses . instead of +, and omits trailing padding = and whitespace.

protected base64Decode(string $value) : string
Parameters
$value : string
Return values
string

base64Encode()

Adapted version of base64_encoding for compatibility with Python passlib. The output of this function is identical to base64_encode, except that it uses . instead of +, and omits trailing padding = and whitespace.

protected base64Encode(string $input, int $count) : string
Parameters
$input : string

The string containing bytes to encode.

$count : int

The number of characters (bytes) to encode.

Return values
string

Encoded string

getGeneratedSalt()

Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.

protected getGeneratedSalt() : string

Proper use of salts may defeat a number of attacks, including:

  • The ability to try candidate passwords against multiple hashes at once.
  • The ability to use pre-hashed lists of candidate passwords.
  • The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.
Return values
string

A character string containing settings and a random salt
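
Added example, not code from this class or its project: a Python sketch of the passlib-compatible scheme that checkPassword(), isHashUpdateNeeded(), base64Encode()/base64Decode() and getGeneratedSalt() describe. It assumes passlib's pbkdf2_sha256 layout, $pbkdf2-sha256$<rounds>$<salt>$<checksum>, with rounds stored as a plain decimal iteration count and a 16-byte salt; all function names are stand-ins chosen for this example.

```python
import base64
import hashlib
import hmac
import os

PREFIX = "$pbkdf2-sha256$"  # constant documented on this page
DEFAULT_ROUNDS = 25000      # default 'hash_count' documented on this page
SALT_BYTES = 16             # assumption: passlib's default salt size

def ab64_encode(raw: bytes) -> str:
    # base64 with '+' replaced by '.' and trailing '=' padding removed
    return base64.b64encode(raw).decode("ascii").rstrip("=").replace("+", ".")

def ab64_decode(text: str) -> bytes:
    # inverse of ab64_encode: restore '+' and the stripped padding
    padded = text.replace(".", "+") + "=" * (-len(text) % 4)
    return base64.b64decode(padded, validate=True)

def parse_hash(stored: str):
    # returns (rounds, salt, checksum), or None for anything malformed
    fields = stored[len(PREFIX):].split("$") if stored.startswith(PREFIX) else []
    if len(fields) != 3:
        return None
    try:
        rounds = int(fields[0])
        salt, checksum = ab64_decode(fields[1]), ab64_decode(fields[2])
    except ValueError:  # also covers binascii.Error from bad base64
        return None
    return (rounds, salt, checksum) if rounds >= 1 and checksum else None

def hash_password(password: str, rounds: int = DEFAULT_ROUNDS, salt: bytes = None) -> str:
    # a fresh random salt per password unless the caller supplies one
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return f"{PREFIX}{rounds}${ab64_encode(salt)}${ab64_encode(dk)}"

def check_password(password: str, stored: str) -> bool:
    parsed = parse_hash(stored)
    if parsed is None:
        return False
    rounds, salt, expected = parsed
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds, len(expected))
    return hmac.compare_digest(dk, expected)  # constant-time comparison

def is_hash_update_needed(stored: str, wanted_rounds: int = DEFAULT_ROUNDS) -> bool:
    # assumption: a hash that cannot be parsed is also reported as needing an update
    parsed = parse_hash(stored)
    return parsed is None or parsed[0] != wanted_rounds
```

Because the salt and round count travel inside the stored string, verification needs no configuration, and a login handler can re-hash with the current setting whenever is_hash_update_needed() returns True.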

getHashedPasswordInternal()

Method creates a salted hash for a given plaintext password

protected getHashedPasswordInternal(string $password[, string $salt = null ]) : string|null
Parameters
$password : string

plaintext password to create a salted hash from

$salt : string = null

Optional custom salt with setting to use

Return values
string|null

Salted hashed password

getIterationCount()

Parses the log2 iteration count from a stored hash or setting string.

protected getIterationCount(string $setting) : int|null
Parameters
$setting : string

Complete hash or a hash's setting string to get the log2 iteration count from

Return values
int|null

Used hashcount for given hash string

getItoa64()

Returns a string for mapping an int to the corresponding base 64 character.

protected getItoa64() : string
Return values
string

String for mapping an int to the corresponding base 64 character

getLengthBase64FromBytes()

Method determines required length of base64 characters for a given length of a byte string.

protected getLengthBase64FromBytes(int $byteLength) : int
Parameters
$byteLength : int

Length of bytes to calculate in base64 chars

Return values
int

Required length of base64 characters

getStoredSalt()

Parses the salt out of a salt string including settings. If the salt does not include settings it is returned unmodified.

protected getStoredSalt(string $salt) : string
Parameters
$salt : string
Return values
string

isValidSalt()

Method determines if a given string is a valid salt.

protected isValidSalt(string $salt) : bool
Parameters
$salt : string

String to check

Return values
bool

TRUE if it's a valid salt, otherwise FALSE


        