TYPO3 CMS 8
PhpassSalt Class Reference
Inheritance diagram for PhpassSalt: AbstractSalt, SaltInterface

Public Member Functions

 checkPassword ($plainPW, $saltedHashPW)
 
 isAvailable ()
 
 getHashCount ()
 
 getHashedPassword ($password, $salt=null)
 
 getMaxHashCount ()
 
 getMinHashCount ()
 
 getSaltLength ()
 
 getSetting ()
 
 isHashUpdateNeeded ($passString)
 
 isValidSalt ($salt)
 
 isValidSaltedPW ($saltedPW)
 
 setHashCount ($hashCount=null)
 
 setMaxHashCount ($maxHashCount=null)
 
 setMinHashCount ($minHashCount=null)
 
- Public Member Functions inherited from AbstractSalt
 base64Encode ($input, $count)
 

Public Attributes

const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
 
const HASH_COUNT = 14
 
const MAX_HASH_COUNT = 24
 
const MIN_HASH_COUNT = 7
 

Protected Member Functions

 applySettingsToSalt ($salt)
 
 cryptPassword ($password, $setting)
 
 getCountLog2 ($setting)
 
 getGeneratedSalt ()
 
 getItoa64 ()
 
- Protected Member Functions inherited from AbstractSalt
 applySettingsToSalt ($salt)
 
 getGeneratedSalt ()
 
 getItoa64 ()
 
 getSetting ()
 
 getLengthBase64FromBytes ($byteLength)
 

Static Protected Attributes

static $hashCount
 
static $maxHashCount
 
static $minHashCount
 
static $saltLengthPhpass = 6
 
static $settingPhpass = '$P$'
 

Detailed Description

Class that implements PHPass salted hashing based on Drupal's modified Openwall implementation.

Derived from Drupal CMS original license: GNU General Public License (GPL)

PHPass should work on every system.

See also
http://drupal.org/node/29706/
http://www.openwall.com/phpass/

Definition at line 31 of file PhpassSalt.php.

Member Function Documentation

applySettingsToSalt ($salt)
protected

Method applies settings (prefix, hash count) to a salt.

Overwrites Md5Salt::applySettingsToSalt() with Blowfish specifics.

Parameters
string $salt: A salt to apply setting to
Returns
string Salt with setting

Definition at line 103 of file PhpassSalt.php.

References PhpassSalt\getHashCount(), PhpassSalt\getItoa64(), AbstractSalt\getLengthBase64FromBytes(), PhpassSalt\getSaltLength(), and PhpassSalt\getSetting().

Referenced by PhpassSalt\getHashedPassword().

checkPassword ($plainPW, $saltedHashPW)

Method checks if a given plaintext password is correct by comparing it with a given salted hashed password.

Parameters
string $plainPW: Plain-text password to compare with salted hash
string $saltedHashPW: Salted hash to compare plain-text password with
Returns
bool TRUE, if plain-text password matches the salted hash, otherwise FALSE

Implements SaltInterface.

Definition at line 125 of file PhpassSalt.php.

References PhpassSalt\cryptPassword().

cryptPassword ($password, $setting)
protected

Hashes a password using a secure stretched hash.

By using a salt and repeated hashing the password is "stretched". Its security is increased because it becomes much more computationally costly for an attacker to try to break the hash by brute-force computation of the hashes of a large number of plain-text words or strings to find a match.

Parameters
string $password: Plain-text password to hash
string $setting: An existing hash or the output of getGeneratedSalt()
Returns
mixed A string containing the hashed password (and salt)

Definition at line 153 of file PhpassSalt.php.

References AbstractSalt\base64Encode(), PhpassSalt\getCountLog2(), AbstractSalt\getLengthBase64FromBytes(), PhpassSalt\getMaxHashCount(), PhpassSalt\getMinHashCount(), PhpassSalt\getSaltLength(), and PhpassSalt\getSetting().

Referenced by PhpassSalt\checkPassword(), and PhpassSalt\getHashedPassword().

getCountLog2 ($setting)
protected

Parses the log2 iteration count from a stored hash or setting string.

Parameters
string $setting: Complete hash or a hash's setting string to get the log2 iteration count from
Returns
int Used hashcount for given hash string

Definition at line 186 of file PhpassSalt.php.

References PhpassSalt\getItoa64(), and PhpassSalt\getSetting().

Referenced by PhpassSalt\cryptPassword(), and PhpassSalt\isHashUpdateNeeded().

getGeneratedSalt ( )
protected

Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.

Proper use of salts may defeat a number of attacks, including:

  • The ability to try candidate passwords against multiple hashes at once.
  • The ability to use pre-hashed lists of candidate passwords.
  • The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.
Returns
string A character string containing settings and a random salt

Definition at line 202 of file PhpassSalt.php.

References AbstractSalt\base64Encode(), PhpassSalt\getSaltLength(), and GeneralUtility\makeInstance().

Referenced by PhpassSalt\getHashedPassword().
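
The salt generation and stretching described for getGeneratedSalt() and cryptPassword(), as an added stand-alone example that is not TYPO3's own code. It assumes the standard Openwall portable `$P$` scheme (iterated MD5); the function names encode64() and phpassHash() and the sample passwords are constructed for illustration.

```php
<?php
// Added illustration of the Openwall "portable" $P$ scheme; not TYPO3's own code.
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

// phpass-style base64: 3-byte little-endian groups, 6 bits per output character.
function encode64(string $input, int $count): string
{
    $out = '';
    $i = 0;
    do {
        $value = ord($input[$i++]);
        $out .= ITOA64[$value & 0x3f];
        if ($i < $count) { $value |= ord($input[$i]) << 8; }
        $out .= ITOA64[($value >> 6) & 0x3f];
        if ($i++ >= $count) { break; }
        if ($i < $count) { $value |= ord($input[$i]) << 16; }
        $out .= ITOA64[($value >> 12) & 0x3f];
        if ($i++ >= $count) { break; }
        $out .= ITOA64[($value >> 18) & 0x3f];
    } while ($i < $count);
    return $out;
}

// Stretching: 2^count rounds of MD5, each round mixing the password back in.
function phpassHash(string $password, string $setting): ?string
{
    if (strlen($setting) < 12 || strncmp($setting, '$P$', 3) !== 0) {
        return null; // not a '$P$' + count character + 8 salt characters setting
    }
    $countLog2 = strpos(ITOA64, $setting[3]);
    if ($countLog2 === false || $countLog2 < 7 || $countLog2 > 24) {
        return null; // cost outside MIN_HASH_COUNT..MAX_HASH_COUNT
    }
    $hash = md5(substr($setting, 4, 8) . $password, true);
    for ($n = 1 << $countLog2; $n > 0; $n--) {
        $hash = md5($hash . $password, true);
    }
    return substr($setting, 0, 12) . encode64($hash, 16);
}

// Fresh 6-byte salt at the default cost (HASH_COUNT = 14), then verify two candidates.
$setting = '$P$' . ITOA64[14] . encode64(random_bytes(6), 6);
$stored = phpassHash('correct horse', $setting);
var_dump(hash_equals($stored, (string) phpassHash('correct horse', $stored)));
var_dump(hash_equals($stored, (string) phpassHash('wrong guess', $stored)));
```

Verification re-runs the hash with the setting embedded in the stored value and compares the results with hash_equals(), so the comparison takes the same time wherever the strings differ.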

getHashCount ( )

Method returns log2 number of iterations for password stretching.

Returns
int log2 number of iterations for password stretching
See also
HASH_COUNT
$hashCount
setHashCount()

Definition at line 216 of file PhpassSalt.php.

Referenced by PhpassSalt\applySettingsToSalt(), and PhpassSalt\isHashUpdateNeeded().

getHashedPassword ($password, $salt = null)

Method creates a salted hash for a given plaintext password.

Parameters
string $password: Plaintext password to create a salted hash from
string $salt: Optional custom salt with setting to use
Returns
string salted hashed password

Implements SaltInterface.

Definition at line 228 of file PhpassSalt.php.

References PhpassSalt\applySettingsToSalt(), PhpassSalt\cryptPassword(), PhpassSalt\getGeneratedSalt(), and PhpassSalt\isValidSalt().

getItoa64 ( )
protected

Returns a string for mapping an int to the corresponding base 64 character.

Returns
string String for mapping an int to the corresponding base 64 character

Definition at line 245 of file PhpassSalt.php.

Referenced by PhpassSalt\applySettingsToSalt(), PhpassSalt\getCountLog2(), and PhpassSalt\isValidSalt().

getMaxHashCount ( )

Method returns maximum allowed log2 number of iterations for password stretching.

Returns
int Maximum allowed log2 number of iterations for password stretching
See also
MAX_HASH_COUNT
$maxHashCount
setMaxHashCount()

Definition at line 258 of file PhpassSalt.php.

Referenced by PhpassSalt\cryptPassword(), and PhpassSalt\setHashCount().

getMinHashCount ( )

Method returns minimum allowed log2 number of iterations for password stretching.

Returns
int Minimum allowed log2 number of iterations for password stretching
See also
MIN_HASH_COUNT
$minHashCount
setMinHashCount()

Definition at line 271 of file PhpassSalt.php.

Referenced by PhpassSalt\cryptPassword(), and PhpassSalt\setHashCount().

getSaltLength ( )

Returns length of a Blowfish salt in bytes.

Returns
int Length of a Blowfish salt in bytes

Implements SaltInterface.

Definition at line 281 of file PhpassSalt.php.

Referenced by PhpassSalt\applySettingsToSalt(), PhpassSalt\cryptPassword(), PhpassSalt\getGeneratedSalt(), and PhpassSalt\isValidSalt().

getSetting ( )

Returns setting string of PHPass salted hashes.

Returns
string Setting string of PHPass salted hashes

Definition at line 291 of file PhpassSalt.php.

Referenced by PhpassSalt\applySettingsToSalt(), PhpassSalt\cryptPassword(), PhpassSalt\getCountLog2(), PhpassSalt\isValidSalt(), and PhpassSalt\isValidSaltedPW().

isAvailable ( )

Returns whether all prerequisites for the hashing methods are matched.

Returns
bool Method available

Implements SaltInterface.

Definition at line 136 of file PhpassSalt.php.

isHashUpdateNeeded ($passString)

Checks whether a user's hashed password needs to be replaced with a new hash.

This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable $hashCount or HASH_COUNT or if the user's password hash was generated in a bulk update with class ext_update.

Parameters
string $passString: Salted hash to check if it needs an update
Returns
bool TRUE if salted hash needs an update, otherwise FALSE

Implements SaltInterface.

Definition at line 308 of file PhpassSalt.php.

References PhpassSalt\getCountLog2(), and PhpassSalt\getHashCount().
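
The login-time decision described above, extended into a small audit over stored hash strings; this is an added example, not TYPO3's own code. The rule that a stored cost below the desired one is stale, and the function names countLog2() and classify(), are assumptions; the sample hashes are constructed.

```php
<?php
// Added illustration, not TYPO3's PhpassSalt code. Constants mirror this page.
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
const HASH_COUNT = 14;
const MIN_HASH_COUNT = 7;
const MAX_HASH_COUNT = 24;

// Returns the log2 iteration count encoded in the 4th character of a $P$ hash, or null.
function countLog2(string $stored): ?int
{
    if (strlen($stored) !== 34 || strncmp($stored, '$P$', 3) !== 0) {
        return null;
    }
    $pos = strpos(ITOA64, $stored[3]);
    return $pos === false ? null : $pos;
}

// 'ok', 'rehash' (verify first, then store a new hash at login) or 'invalid'.
function classify(string $stored, int $desired = HASH_COUNT): string
{
    $count = countLog2($stored);
    if ($count === null || $count < MIN_HASH_COUNT || $count > MAX_HASH_COUNT) {
        return 'invalid';
    }
    return $count < $desired ? 'rehash' : 'ok';
}

// Constructed sample values: salt and digest characters are filler, not real digests.
$filler = 'saltsalt' . str_repeat('x', 22);
$samples = [
    '$P$' . ITOA64[14] . $filler, // default cost
    '$P$' . ITOA64[10] . $filler, // older, cheaper cost
    '$P$' . ITOA64[30] . $filler, // cost above MAX_HASH_COUNT
    '$1$' . ITOA64[14] . $filler, // different scheme prefix
];
foreach ($samples as $stored) {
    printf("%-36s cost=%-4s %s\n", $stored, countLog2($stored) ?? 'n/a', classify($stored));
}
```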

isValidSalt ($salt)

Method determines if a given string is a valid salt.

Parameters
string $salt: String to check
Returns
bool TRUE if it's valid salt, otherwise FALSE

Implements SaltInterface.

Definition at line 324 of file PhpassSalt.php.

References PhpassSalt\getItoa64(), AbstractSalt\getLengthBase64FromBytes(), PhpassSalt\getSaltLength(), and PhpassSalt\getSetting().

Referenced by PhpassSalt\getHashedPassword(), and PhpassSalt\isValidSaltedPW().

isValidSaltedPW ($saltedPW)

Method determines if a given string is a valid salted hashed password.

Parameters
string $saltedPW: String to check
Returns
bool TRUE if it's valid salted hashed password, otherwise FALSE

Implements SaltInterface.

Definition at line 354 of file PhpassSalt.php.

References PhpassSalt\getSetting(), and PhpassSalt\isValidSalt().

setHashCount ($hashCount = null)

Method sets log2 number of iterations for password stretching.

Parameters
int $hashCount: log2 number of iterations for password stretching to set
See also
HASH_COUNT
$hashCount
getHashCount()

Definition at line 371 of file PhpassSalt.php.

References PhpassSalt\$hashCount, PhpassSalt\getMaxHashCount(), and PhpassSalt\getMinHashCount().

setMaxHashCount ($maxHashCount = null)

Method sets maximum allowed log2 number of iterations for password stretching.

Parameters
int $maxHashCount: Maximum allowed log2 number of iterations for password stretching to set
See also
MAX_HASH_COUNT
$maxHashCount
getMaxHashCount()

Definition at line 384 of file PhpassSalt.php.

References PhpassSalt\$maxHashCount.

setMinHashCount ($minHashCount = null)

Method sets minimum allowed log2 number of iterations for password stretching.

Parameters
int $minHashCount: Minimum allowed log2 number of iterations for password stretching to set
See also
MIN_HASH_COUNT
$minHashCount
getMinHashCount()

Definition at line 397 of file PhpassSalt.php.

References PhpassSalt\$minHashCount.

Member Data Documentation

$hashCount
static protected

Definition at line 62 of file PhpassSalt.php.

Referenced by PhpassSalt\setHashCount().

$maxHashCount
static protected

Definition at line 70 of file PhpassSalt.php.

Referenced by PhpassSalt\setMaxHashCount().

$minHashCount
static protected

Definition at line 78 of file PhpassSalt.php.

Referenced by PhpassSalt\setMinHashCount().

$saltLengthPhpass = 6
static protected

Definition at line 85 of file PhpassSalt.php.

$settingPhpass = '$P$'
static protected

Definition at line 92 of file PhpassSalt.php.

const HASH_COUNT = 14

The default log2 number of iterations for password stretching.

Definition at line 42 of file PhpassSalt.php.

const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'

Keeps a string for mapping an int to the corresponding base 64 character.

Definition at line 37 of file PhpassSalt.php.

const MAX_HASH_COUNT = 24

The default maximum allowed log2 number of iterations for password stretching.

Definition at line 48 of file PhpassSalt.php.

const MIN_HASH_COUNT = 7

The default minimum allowed log2 number of iterations for password stretching.

Definition at line 54 of file PhpassSalt.php.