TYPO3CMS  8
Pbkdf2Salt Class Reference
Inheritance diagram for Pbkdf2Salt: AbstractSalt, SaltInterface

Public Member Functions

 checkPassword ($plainPW, $saltedHashPW)
 
 getHashedPassword ($password, $salt=null)
 
 getHashCount ()
 
 getMaxHashCount ()
 
 isAvailable ()
 
 getMinHashCount ()
 
 getSaltLength ()
 
 getSetting ()
 
 isHashUpdateNeeded ($saltedPW)
 
 isValidSalt ($salt)
 
 isValidSaltedPW ($saltedPW)
 
 setHashCount ($hashCount=null)
 
 setMaxHashCount ($maxHashCount=null)
 
 setMinHashCount ($minHashCount=null)
 
 base64Encode ($input, $count)
 
 base64Decode ($value)
 
- Public Member Functions inherited from AbstractSalt
 base64Encode ($input, $count)
 

Public Attributes

const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
 
const HASH_COUNT = 25000
 
const MAX_HASH_COUNT = 10000000
 
const MIN_HASH_COUNT = 1000
 

Protected Member Functions

 applySettingsToSalt ($salt)
 
 getIterationCount ($setting)
 
 getGeneratedSalt ()
 
 getStoredSalt ($salt)
 
 getItoa64 ()
 
- Protected Member Functions inherited from AbstractSalt
 applySettingsToSalt ($salt)
 
 getGeneratedSalt ()
 
 getItoa64 ()
 
 getSetting ()
 
 getLengthBase64FromBytes ($byteLength)
 

Static Protected Attributes

static $hashCount
 
static $maxHashCount
 
static $minHashCount
 
static $saltLengthPbkdf2 = 16
 
static $settingPbkdf2 = '$pbkdf2-sha256$'
 

Detailed Description

Class that implements PBKDF2 salted hashing based on PHP's hash_pbkdf2() function.

Definition at line 24 of file Pbkdf2Salt.php.

Member Function Documentation

applySettingsToSalt (   $salt)
protected

Method applies settings (prefix, hash count) to a salt.

Overwrites Md5Salt::applySettingsToSalt() with PBKDF2 specifics.

Parameters
string $salt A salt to apply setting to
Returns
string Salt with setting

Definition at line 91 of file Pbkdf2Salt.php.

References Pbkdf2Salt\base64Encode(), Pbkdf2Salt\getHashCount(), Pbkdf2Salt\getSaltLength(), and Pbkdf2Salt\getSetting().

Referenced by Pbkdf2Salt\getHashedPassword().

base64Decode (   $value)

Adapted version of base64_encoding for compatibility with python passlib. The output of this function is identical to base64_encode, except that it uses . instead of +, and omits trailing padding = and whitespace.

Parameters
string $value
Returns
string

Definition at line 407 of file Pbkdf2Salt.php.

Referenced by Pbkdf2Salt\getStoredSalt().

base64Encode (   $input,
  $count 
)

Adapted version of base64_encoding for compatibility with python passlib. The output of this function is identical to base64_encode, except that it uses . instead of +, and omits trailing padding = and whitespace.

Parameters
string $input The string containing bytes to encode.
int $count The number of characters (bytes) to encode.
Returns
string Encoded string

Definition at line 394 of file Pbkdf2Salt.php.

Referenced by Pbkdf2Salt\applySettingsToSalt(), and Pbkdf2Salt\getHashedPassword().

checkPassword (   $plainPW,
  $saltedHashPW 
)

Method checks if a given plaintext password is correct by comparing it with a given salted hashed password.

Parameters
string $plainPW plain-text password to compare with salted hash
string $saltedHashPW salted hash to compare plain-text password with
Returns
bool TRUE, if plain-text password matches the salted hash, otherwise FALSE

Implements SaltInterface.

Definition at line 109 of file Pbkdf2Salt.php.

References Pbkdf2Salt\getHashedPassword(), and Pbkdf2Salt\isValidSalt().

getGeneratedSalt ( )
protected

Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.

Proper use of salts may defeat a number of attacks, including:

  • The ability to try candidate passwords against multiple hashes at once.
  • The ability to use pre-hashed lists of candidate passwords.
  • The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.
Returns
string A character string containing settings and a random salt

Definition at line 146 of file Pbkdf2Salt.php.

References Pbkdf2Salt\getSaltLength(), and GeneralUtility\makeInstance().

Referenced by Pbkdf2Salt\getHashedPassword().

getHashCount ( )

Method returns number of iterations for password stretching.

Returns
int number of iterations for password stretching
See also
HASH_COUNT
$hashCount
setHashCount()

Definition at line 210 of file Pbkdf2Salt.php.

Referenced by Pbkdf2Salt\applySettingsToSalt(), Pbkdf2Salt\getHashedPassword(), and Pbkdf2Salt\isHashUpdateNeeded().

getHashedPassword (   $password,
  $salt = null 
)

Method creates a salted hash for a given plaintext password.

Parameters
string $password plaintext password to create a salted hash from
string $salt Optional custom salt with setting to use
Returns
string|null Salted hashed password

Implements SaltInterface.

Definition at line 186 of file Pbkdf2Salt.php.

References Pbkdf2Salt\applySettingsToSalt(), Pbkdf2Salt\base64Encode(), Pbkdf2Salt\getGeneratedSalt(), Pbkdf2Salt\getHashCount(), Pbkdf2Salt\getIterationCount(), Pbkdf2Salt\getStoredSalt(), Pbkdf2Salt\isValidSalt(), and Pbkdf2Salt\setHashCount().

Referenced by Pbkdf2Salt\checkPassword().

getIterationCount (   $setting)
protected

Parses the log2 iteration count from a stored hash or setting string.

Parameters
string $setting Complete hash or a hash's setting string to get log2 iteration count from
Returns
int|null Used hashcount for given hash string

Definition at line 120 of file Pbkdf2Salt.php.

References Pbkdf2Salt\getMaxHashCount(), and Pbkdf2Salt\getSetting().

Referenced by Pbkdf2Salt\getHashedPassword(), and Pbkdf2Salt\isHashUpdateNeeded().

getItoa64 ( )
protected

Returns a string for mapping an int to the corresponding base 64 character.

Returns
string String for mapping an int to the corresponding base 64 character

Definition at line 174 of file Pbkdf2Salt.php.

Referenced by Pbkdf2Salt\isValidSalt().

getMaxHashCount ( )

Method returns maximum allowed number of iterations for password stretching.

Returns
int Maximum allowed number of iterations for password stretching
See also
MAX_HASH_COUNT
$maxHashCount
setMaxHashCount()

Definition at line 223 of file Pbkdf2Salt.php.

Referenced by Pbkdf2Salt\getIterationCount(), and Pbkdf2Salt\setHashCount().

getMinHashCount ( )

Method returns minimum allowed number of iterations for password stretching.

Returns
int Minimum allowed number of iterations for password stretching
See also
MIN_HASH_COUNT
$minHashCount
setMinHashCount()

Definition at line 246 of file Pbkdf2Salt.php.

Referenced by Pbkdf2Salt\setHashCount().

getSaltLength ( )

Returns length of a PBKDF2 salt in bytes.

Overwrites Md5Salt::getSaltLength() with PBKDF2 specifics.

Returns
int Length of a PBKDF2 salt in bytes

Implements SaltInterface.

Definition at line 259 of file Pbkdf2Salt.php.

Referenced by Pbkdf2Salt\applySettingsToSalt(), Pbkdf2Salt\getGeneratedSalt(), and Pbkdf2Salt\isValidSalt().

getSetting ( )

Returns setting string of PBKDF2 salted hashes.

Overwrites Md5Salt::getSetting() with PBKDF2 specifics.

Returns
string Setting string of PBKDF2 salted hashes

Definition at line 272 of file Pbkdf2Salt.php.

Referenced by Pbkdf2Salt\applySettingsToSalt(), Pbkdf2Salt\getIterationCount(), Pbkdf2Salt\getStoredSalt(), Pbkdf2Salt\isHashUpdateNeeded(), Pbkdf2Salt\isValidSalt(), and Pbkdf2Salt\isValidSaltedPW().

getStoredSalt (   $salt)
protected

Parses the salt out of a salt string including settings. If the salt does not include settings it is returned unmodified.

Parameters
string $salt
Returns
string

Definition at line 158 of file Pbkdf2Salt.php.

References Pbkdf2Salt\base64Decode(), Pbkdf2Salt\getSetting(), and GeneralUtility\trimExplode().

Referenced by Pbkdf2Salt\getHashedPassword().

isAvailable ( )

Returns whether all prerequisites for the hashing methods are matched.

Returns
bool Method available

Implements SaltInterface.

Definition at line 233 of file Pbkdf2Salt.php.

isHashUpdateNeeded (   $saltedPW)

Checks whether a user's hashed password needs to be replaced with a new hash.

This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable $hashCount or HASH_COUNT.

Parameters
string $saltedPW Salted hash to check if it needs an update
Returns
bool TRUE if salted hash needs an update, otherwise FALSE

Implements SaltInterface.

Definition at line 288 of file Pbkdf2Salt.php.

References Pbkdf2Salt\getHashCount(), Pbkdf2Salt\getIterationCount(), Pbkdf2Salt\getSetting(), and Pbkdf2Salt\isValidSalt().
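
The stored-hash handling described for base64Encode()/base64Decode(), checkPassword() and isHashUpdateNeeded(), sketched in Python as an added example; it is not TYPO3's code and the function names are hypothetical. It assumes the passlib field layout `$pbkdf2-sha256$<rounds>$<salt>$<digest>` with the iteration count stored as a decimal integer; this page itself only gives the prefix, the constants and the base64 variant.

```python
import base64, hashlib, hmac, os, re

# Constants copied from the class reference above.
PREFIX = "$pbkdf2-sha256$"
HASH_COUNT, MIN_HASH_COUNT, MAX_HASH_COUNT = 25000, 1000, 10000000
SALT_LENGTH = 16  # bytes

def ab64_encode(raw):
    """base64 with '.' in place of '+' and no '=' padding or whitespace."""
    return base64.b64encode(raw).decode("ascii").rstrip("=").replace("+", ".")

def ab64_decode(text):
    """Inverse of ab64_encode: restore '+' and the padding, then decode."""
    text = text.replace(".", "+")
    return base64.b64decode(text + "=" * (-len(text) % 4), validate=True)

def parse(stored):
    """Split a stored hash into (rounds, salt, digest); None if malformed."""
    if not stored.startswith(PREFIX):
        return None
    parts = stored[len(PREFIX):].split("$")  # assumed layout: rounds$salt$digest
    if len(parts) != 3 or not re.fullmatch(r"[0-9]{1,8}", parts[0]):
        return None
    rounds = int(parts[0])
    if not MIN_HASH_COUNT <= rounds <= MAX_HASH_COUNT:
        return None  # a stored value must not dictate an unbounded work factor
    try:
        return rounds, ab64_decode(parts[1]), ab64_decode(parts[2])
    except ValueError:  # binascii.Error is a ValueError subclass
        return None

def hash_password(password, salt=None, rounds=HASH_COUNT):
    salt = os.urandom(SALT_LENGTH) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"{PREFIX}{rounds}${ab64_encode(salt)}${ab64_encode(digest)}"

def check_password(password, stored):
    parsed = parse(stored)
    if parsed is None:
        return False
    rounds, salt, digest = parsed
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)  # constant-time compare

def is_hash_update_needed(stored):
    # Rehash at login when the stored count differs from the configured one.
    parsed = parse(stored)
    return parsed is not None and parsed[0] != HASH_COUNT
```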

isValidSalt (   $salt)

Method determines if a given string is a valid salt.

Overwrites Md5Salt::isValidSalt() with PBKDF2 specifics.

Parameters
string $salt String to check
Returns
bool TRUE if it's valid salt, otherwise FALSE

Implements SaltInterface.

Definition at line 308 of file Pbkdf2Salt.php.

References Pbkdf2Salt\getItoa64(), AbstractSalt\getLengthBase64FromBytes(), Pbkdf2Salt\getSaltLength(), and Pbkdf2Salt\getSetting().

Referenced by Pbkdf2Salt\checkPassword(), Pbkdf2Salt\getHashedPassword(), Pbkdf2Salt\isHashUpdateNeeded(), and Pbkdf2Salt\isValidSaltedPW().

isValidSaltedPW (   $saltedPW)

Method determines if a given string is a valid salted hashed password.

Parameters
string $saltedPW String to check
Returns
bool TRUE if it's valid salted hashed password, otherwise FALSE

Implements SaltInterface.

Definition at line 338 of file Pbkdf2Salt.php.

References Pbkdf2Salt\getSetting(), and Pbkdf2Salt\isValidSalt().

setHashCount (   $hashCount = null)

Method sets number of iterations for password stretching.

Parameters
int $hashCount number of iterations for password stretching to set
See also
HASH_COUNT
$hashCount
getHashCount()

Definition at line 355 of file Pbkdf2Salt.php.

References Pbkdf2Salt\$hashCount, Pbkdf2Salt\getMaxHashCount(), and Pbkdf2Salt\getMinHashCount().

Referenced by Pbkdf2Salt\getHashedPassword().

setMaxHashCount (   $maxHashCount = null)

Method sets maximum allowed number of iterations for password stretching.

Parameters
int $maxHashCount Maximum allowed number of iterations for password stretching to set
See also
MAX_HASH_COUNT
$maxHashCount
getMaxHashCount()

Definition at line 368 of file Pbkdf2Salt.php.

References Pbkdf2Salt\$maxHashCount.

setMinHashCount (   $minHashCount = null)

Method sets minimum allowed number of iterations for password stretching.

Parameters
int $minHashCount Minimum allowed number of iterations for password stretching to set
See also
MIN_HASH_COUNT
$minHashCount
getMinHashCount()

Definition at line 381 of file Pbkdf2Salt.php.

References Pbkdf2Salt\$minHashCount.

Member Data Documentation

$hashCount
static protected

Definition at line 52 of file Pbkdf2Salt.php.

Referenced by Pbkdf2Salt\setHashCount().

$maxHashCount
static protected

Definition at line 59 of file Pbkdf2Salt.php.

Referenced by Pbkdf2Salt\setMaxHashCount().

$minHashCount
static protected

Definition at line 66 of file Pbkdf2Salt.php.

Referenced by Pbkdf2Salt\setMinHashCount().

$saltLengthPbkdf2 = 16
static protected

Definition at line 73 of file Pbkdf2Salt.php.

$settingPbkdf2 = '$pbkdf2-sha256$'
static protected

Definition at line 80 of file Pbkdf2Salt.php.

const HASH_COUNT = 25000

The default number of iterations for password stretching.

Definition at line 35 of file Pbkdf2Salt.php.

const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'

Keeps a string for mapping an int to the corresponding base 64 character.

Definition at line 30 of file Pbkdf2Salt.php.

const MAX_HASH_COUNT = 10000000

The default maximum allowed number of iterations for password stretching.

Definition at line 40 of file Pbkdf2Salt.php.

const MIN_HASH_COUNT = 1000

The default minimum allowed number of iterations for password stretching.

Definition at line 45 of file Pbkdf2Salt.php.