[ Index ]

PHP Cross Reference of DokuWiki

title

Body

[close]

/inc/ -> PassHash.php (summary)

(no description)

File Size: 808 lines (28 kb)
Included or required:0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 1 class

PassHash:: (30 methods):
  verify_hash()
  gen_salt()
  init_salt()
  hash_smd5()
  hash_lsmd5()
  hash_apr1()
  hash_md5()
  hash_sha1()
  hash_ssha()
  hash_crypt()
  hash_mysql()
  hash_my411()
  hash_kmd5()
  stretched_hash()
  hash_pmd5()
  hash_drupal_sha512()
  hash_hmd5()
  hash_djangosha1()
  hash_djangomd5()
  hash_seafilepbkdf2()
  hash_djangopbkdf2()
  hash_djangopbkdf2_sha256()
  hash_djangopbkdf2_sha1()
  hash_bcrypt()
  hash_sha512()
  hash_mediawiki()
  hash_argon2i()
  hash_argon2id()
  hmac()
  random()


Class: PassHash  - X-Ref

Password Hashing Class

This class implements various mechanisms used to hash passwords

verify_hash($clear, $hash)   X-Ref
Verifies a cleartext password against a crypted hash

The method and salt used for the crypted hash is determined automatically,
then the clear text password is crypted using the same method. If both hashs
match true is is returned else false

param: string $clear Clear-Text password
param: string $hash  Hash to compare against
return: bool
author: Andreas Gohr <andi@splitbrain.org>
author: Schplurtz le Déboulonné <Schplurtz@laposte.net>

gen_salt($len = 32)   X-Ref
Create a random salt

param: int $len The length of the salt
return: string

init_salt(&$salt, $len = 32, $cut = true)   X-Ref
Initialize the passed variable with a salt if needed.

If $salt is not null, the value is kept, but the lenght restriction is
applied (unless, $cut is false).

param: string|null &$salt  The salt, pass null if you want one generated
param: int          $len   The length of the salt
param: bool         $cut   Apply length restriction to existing salt?

hash_smd5($clear, $salt = null)   X-Ref
Password hashing method 'smd5'

Uses salted MD5 hashs. Salt is 8 bytes long.

The same mechanism is used by Apache's 'apr1' method. This will
fallback to a implementation in pure PHP if MD5 support is not
available in crypt()

link: http://php.net/manual/en/function.crypt.php#73619
param: string $clear The clear text to hash
param: string $salt  The salt to use, null for random
return: string Hashed password
author: Andreas Gohr <andi@splitbrain.org>
author: <mikey_nich at hotmail dot com>

hash_lsmd5($clear, $salt = null)   X-Ref
Password hashing method 'lsmd5'

Uses salted MD5 hashs. Salt is 8 bytes long.

This is the format used by LDAP.

param: string $clear The clear text to hash
param: string $salt  The salt to use, null for random
return: string Hashed password

hash_apr1($clear, $salt = null, $magic = 'apr1')   X-Ref
Password hashing method 'apr1'

Uses salted MD5 hashs. Salt is 8 bytes long.

This is basically the same as smd1 above, but as used by Apache.

link: http://php.net/manual/en/function.crypt.php#73619
param: string $clear The clear text to hash
param: string $salt  The salt to use, null for random
param: string $magic The hash identifier (apr1 or 1)
return: string Hashed password
author: <mikey_nich at hotmail dot com>

hash_md5($clear)   X-Ref
Password hashing method 'md5'

Uses MD5 hashs.

param: string $clear The clear text to hash
return: string Hashed password

hash_sha1($clear)   X-Ref
Password hashing method 'sha1'

Uses SHA1 hashs.

param: string $clear The clear text to hash
return: string Hashed password

hash_ssha($clear, $salt = null)   X-Ref
Password hashing method 'ssha' as used by LDAP

Uses salted SHA1 hashs. Salt is 4 bytes long.

param: string $clear The clear text to hash
param: string $salt  The salt to use, null for random
return: string Hashed password

hash_crypt($clear, $salt = null)   X-Ref
Password hashing method 'crypt'

Uses salted crypt hashs. Salt is 2 bytes long.

param: string $clear The clear text to hash
param: string $salt  The salt to use, null for random
return: string Hashed password

hash_mysql($clear)   X-Ref
Password hashing method 'mysql'

This method was used by old MySQL systems

link: http://php.net/mysql
param: string $clear The clear text to hash
return: string Hashed password
author: <soren at byu dot edu>

hash_my411($clear)   X-Ref
Password hashing method 'my411'

Uses SHA1 hashs. This method is used by MySQL 4.11 and above

param: string $clear The clear text to hash
return: string Hashed password

hash_kmd5($clear, $salt = null)   X-Ref
Password hashing method 'kmd5'

Uses salted MD5 hashs.

Salt is 2 bytes long, but stored at position 16, so you need to pass at
least 18 bytes. You can pass the crypted hash as salt.

param: string $clear The clear text to hash
param: string $salt  The salt to use, null for random
return: string Hashed password

stretched_hash($algo, $clear, $salt = null, $magic = 'P', $compute = 8)   X-Ref
Password stretched hashing wrapper.

Initial hash is repeatedly rehashed with same password.
Any salted hash algorithm supported by PHP hash() can be used. Salt
is 1+8 bytes long, 1st byte is the iteration count when given. For null
salts $compute is used.

The actual iteration count is 2 to the power of the given count,
maximum is 30 (-> 2^30 = 1_073_741_824). If a higher one is given,
the function throws an exception.
This iteration count is expected to grow with increasing power of
new computers.

link: http://www.openwall.com/phpass/
param: string $algo    The hash algorithm to be used
param: string $clear   The clear text to hash
param: string $salt    The salt to use, null for random
param: string $magic   The hash identifier (P or H)
param: int    $compute The iteration count for new passwords
return: string Hashed password
author: Andreas Gohr <andi@splitbrain.org>
author: Schplurtz le Déboulonné <Schplurtz@laposte.net>

hash_pmd5($clear, $salt = null, $magic = 'P', $compute = 8)   X-Ref
Password hashing method 'pmd5'

Repeatedly uses salted MD5 hashs. See stretched_hash() for the
details.


link: http://www.openwall.com/phpass/
param: string $clear   The clear text to hash
param: string $salt    The salt to use, null for random
param: string $magic   The hash identifier (P or H)
param: int    $compute The iteration count for new passwords
return: string Hashed password
author: Schplurtz le Déboulonné <Schplurtz@laposte.net>
see: PassHash::stretched_hash() for the implementation details.

hash_drupal_sha512($clear, $salt = null, $magic = 'S', $compute = 15)   X-Ref
Password hashing method 'drupal_sha512'

Implements Drupal salted sha512 hashs. Drupal truncates the hash at 55
characters. See stretched_hash() for the details;

link: https://api.drupal.org/api/drupal/includes%21password.inc/7.x
param: string $clear   The clear text to hash
param: string $salt    The salt to use, null for random
param: string $magic   The hash identifier (S)
param: int    $compute The iteration count for new passwords (defautl is drupal 7's)
return: string Hashed password
author: Schplurtz le Déboulonné <Schplurtz@laposte.net>
see: PassHash::stretched_hash() for the implementation details.

hash_hmd5($clear, $salt = null, $magic = 'H', $compute = 8)   X-Ref
Alias for hash_pmd5

param: string $clear
param: null|string $salt
param: string $magic
param: int $compute
return: string

hash_djangosha1($clear, $salt = null)   X-Ref
Password hashing method 'djangosha1'

Uses salted SHA1 hashs. Salt is 5 bytes long.
This is used by the Django Python framework

link: http://docs.djangoproject.com/en/dev/topics/auth/#passwords
param: string $clear The clear text to hash
param: string $salt  The salt to use, null for random
return: string Hashed password

hash_djangomd5($clear, $salt = null)   X-Ref
Password hashing method 'djangomd5'

Uses salted MD5 hashs. Salt is 5 bytes long.
This is used by the Django Python framework

link: http://docs.djangoproject.com/en/dev/topics/auth/#passwords
param: string $clear The clear text to hash
param: string $salt  The salt to use, null for random
return: string Hashed password

hash_seafilepbkdf2($clear, $salt=null, $opts=array()   X-Ref
Password hashing method 'seafilepbkdf2'

An algorithm and iteration count should be given in the opts array.

Hash algorithm is the string that is in the password string in seafile
database. It has to be converted to a php algo name.

param: string $clear The clear text to hash
param: string $salt  The salt to use, null for random
param: array $opts ('algo' => hash algorithm, 'iter' => iterations)
return: string Hashed password
author: Schplurtz le Déboulonné <Schplurtz@laposte.net>
see: https://stackoverflow.com/a/23670177

hash_djangopbkdf2($clear, $salt=null, $opts=array()   X-Ref
Password hashing method 'djangopbkdf2'

An algorithm and iteration count should be given in the opts array.
Defaults to sha256 and 24000 iterations

param: string $clear The clear text to hash
param: string $salt  The salt to use, null for random
param: array $opts ('algo' => hash algorithm, 'iter' => iterations)
return: string Hashed password

hash_djangopbkdf2_sha256($clear, $salt=null, $opts=array()   X-Ref
Alias for djangopbkdf2 defaulting to sha256 as hash algorithm

param: string $clear The clear text to hash
param: string $salt  The salt to use, null for random
param: array $opts ('iter' => iterations)
return: string Hashed password

hash_djangopbkdf2_sha1($clear, $salt=null, $opts=array()   X-Ref
Alias for djangopbkdf2 defaulting to sha1 as hash algorithm

param: string $clear The clear text to hash
param: string $salt  The salt to use, null for random
param: array $opts ('iter' => iterations)
return: string Hashed password

hash_bcrypt($clear, $salt = null, $compute = 10)   X-Ref
Passwordhashing method 'bcrypt'

Uses a modified blowfish algorithm called eksblowfish
This method works on PHP 5.3+ only and will throw an exception
if the needed crypt support isn't available

A full hash should be given as salt (starting with $a2$) or this
will break. When no salt is given, the iteration count can be set
through the $compute variable.

param: string $clear   The clear text to hash
param: string $salt    The salt to use, null for random
param: int    $compute The iteration count (between 4 and 31)
return: string Hashed password

hash_sha512($clear, $salt = null, $magic = null)   X-Ref
Password hashing method SHA512

This is only supported on PHP 5.3.2 or higher and will throw an exception if
the needed crypt support is not available

param: string $clear The clear text to hash
param: string $salt  The salt to use, null for random
param: string $magic The rounds for sha512 (for example "rounds=3000"), null for default value
return: string Hashed password

hash_mediawiki($clear, $salt = null)   X-Ref
Password hashing method 'mediawiki'

Uses salted MD5, this is referred to as Method B in MediaWiki docs. Unsalted md5
method 'A' is not supported.

link: http://www.mediawiki.org/wiki/Manual_talk:User_table#user_password_column
param: string $clear The clear text to hash
param: string $salt  The salt to use, null for random
return: string Hashed password

hash_argon2i($clear)   X-Ref
Password hashing method 'argon2i'

Uses php's own password_hash function to create argon2i password hash
Default Cost and thread options are used for now.

link: https://www.php.net/manual/de/function.password-hash.php
param: string $clear The clear text to hash
return: string Hashed password

hash_argon2id($clear)   X-Ref
Password hashing method 'argon2id'

Uses php's own password_hash function to create argon2id password hash
Default Cost and thread options are used for now.

link: https://www.php.net/manual/de/function.password-hash.php
param: string $clear The clear text to hash
return: string Hashed password

hmac($algo, $data, $key, $raw_output = false)   X-Ref
Wraps around native hash_hmac() or reimplents it

This is not directly used as password hashing method, and thus isn't callable via the
verify_hash() method. It should be used to create signatures and might be used in other
password hashing methods.

link: http://php.net/manual/en/function.hash-hmac.php#93440
param: string $algo Name of selected hashing algorithm (i.e. "md5", "sha256", "haval160,4",
param: string $data Message to be hashed.
param: string $key  Shared secret key used for generating the HMAC variant of the message digest.
param: bool $raw_output When set to TRUE, outputs raw binary data. FALSE outputs lowercase hexits.
return: string
author: KC Cloyd
see: hash_hmac()

random($min, $max)   X-Ref
Use a secure random generator

param: int $min
param: int $max
return: int