![]() |
TYPO3
7.6
|
Public Member Functions | |
checkPassword ($plainPW, $saltedHashPW) | |
isAvailable () | |
getHashCount () | |
getHashedPassword ($password, $salt=null) | |
getMaxHashCount () | |
getMinHashCount () | |
getSaltLength () | |
getSetting () | |
isHashUpdateNeeded ($passString) | |
isValidSalt ($salt) | |
isValidSaltedPW ($saltedPW) | |
setHashCount ($hashCount=null) | |
setMaxHashCount ($maxHashCount=null) | |
setMinHashCount ($minHashCount=null) | |
![]() | |
base64Encode ($input, $count) | |
Public Attributes | |
const | ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' |
const | HASH_COUNT = 14 |
const | MAX_HASH_COUNT = 24 |
const | MIN_HASH_COUNT = 7 |
Protected Member Functions | |
applySettingsToSalt ($salt) | |
cryptPassword ($password, $setting) | |
getCountLog2 ($setting) | |
getGeneratedSalt () | |
getItoa64 () | |
![]() | |
applySettingsToSalt ($salt) | |
getGeneratedSalt () | |
getItoa64 () | |
getSetting () | |
getLengthBase64FromBytes ($byteLength) | |
Static Protected Attributes | |
static | $hashCount |
static | $maxHashCount |
static | $minHashCount |
static | $saltLengthPhpass = 6 |
static | $settingPhpass = '$P$' |
Class that implements PHPass salted hashing based on Drupal's modified Openwall implementation.
Derived from Drupal CMS original license: GNU General Public License (GPL)
PHPass should work on every system.
Definition at line 28 of file PhpassSalt.php.
|
protected |
Method applies settings (prefix, hash count) to a salt.
Overwrites Md5Salt::applySettingsToSalt() with Blowfish specifics.
string | $salt | A salt to apply setting to |
Definition at line 100 of file PhpassSalt.php.
References PhpassSalt\getHashCount(), PhpassSalt\getItoa64(), AbstractSalt\getLengthBase64FromBytes(), PhpassSalt\getSaltLength(), and PhpassSalt\getSetting().
Referenced by PhpassSalt\getHashedPassword().
checkPassword | ( | $plainPW, | |
$saltedHashPW | |||
) |
Method checks if a given plaintext password is correct by comparing it with a given salted hashed password.
string | $plainPW | Plain-text password to compare with salted hash |
string | $saltedHashPW | Salted hash to compare plain-text password with |
Implements SaltInterface.
Definition at line 122 of file PhpassSalt.php.
References PhpassSalt\cryptPassword().
|
protected |
Hashes a password using a secure stretched hash.
By using a salt and repeated hashing the password is "stretched". Its security is increased because it becomes much more computationally costly for an attacker to try to break the hash by brute-force computation of the hashes of a large number of plain-text words or strings to find a match.
string | $password | Plain-text password to hash |
string | $setting | An existing hash or the output of getGeneratedSalt() |
Definition at line 150 of file PhpassSalt.php.
References AbstractSalt\base64Encode(), PhpassSalt\getCountLog2(), AbstractSalt\getLengthBase64FromBytes(), PhpassSalt\getMaxHashCount(), PhpassSalt\getMinHashCount(), PhpassSalt\getSaltLength(), and PhpassSalt\getSetting().
Referenced by PhpassSalt\checkPassword(), and PhpassSalt\getHashedPassword().
|
protected |
Parses the log2 iteration count from a stored hash or setting string.
string | $setting | Complete hash or a hash's setting string or to get log2 iteration count from |
Definition at line 183 of file PhpassSalt.php.
References PhpassSalt\getItoa64(), and PhpassSalt\getSetting().
Referenced by PhpassSalt\cryptPassword(), and PhpassSalt\isHashUpdateNeeded().
|
protected |
Generates a random base 64-encoded salt prefixed and suffixed with settings for the hash.
Proper use of salts may defeat a number of attacks, including:
Definition at line 199 of file PhpassSalt.php.
References AbstractSalt\base64Encode(), and PhpassSalt\getSaltLength().
Referenced by PhpassSalt\getHashedPassword().
getHashCount | ( | ) |
Method returns log2 number of iterations for password stretching.
Definition at line 213 of file PhpassSalt.php.
Referenced by PhpassSalt\applySettingsToSalt(), and PhpassSalt\isHashUpdateNeeded().
getHashedPassword | ( | $password, | |
$salt = null |
|||
) |
Method creates a salted hash for a given plaintext password
string | $password | Plaintext password to create a salted hash from |
string | $salt | Optional custom salt with setting to use |
Implements SaltInterface.
Definition at line 225 of file PhpassSalt.php.
References PhpassSalt\applySettingsToSalt(), PhpassSalt\cryptPassword(), PhpassSalt\getGeneratedSalt(), and PhpassSalt\isValidSalt().
|
protected |
Returns a string for mapping an int to the corresponding base 64 character.
Definition at line 242 of file PhpassSalt.php.
Referenced by PhpassSalt\applySettingsToSalt(), PhpassSalt\getCountLog2(), and PhpassSalt\isValidSalt().
getMaxHashCount | ( | ) |
Method returns maximum allowed log2 number of iterations for password stretching.
Definition at line 255 of file PhpassSalt.php.
Referenced by PhpassSalt\cryptPassword(), and PhpassSalt\setHashCount().
getMinHashCount | ( | ) |
Method returns minimum allowed log2 number of iterations for password stretching.
Definition at line 268 of file PhpassSalt.php.
Referenced by PhpassSalt\cryptPassword(), and PhpassSalt\setHashCount().
getSaltLength | ( | ) |
Returns length of a Blowfish salt in bytes.
Implements SaltInterface.
Definition at line 278 of file PhpassSalt.php.
Referenced by PhpassSalt\applySettingsToSalt(), PhpassSalt\cryptPassword(), PhpassSalt\getGeneratedSalt(), and PhpassSalt\isValidSalt().
getSetting | ( | ) |
Returns setting string of PHPass salted hashes.
Definition at line 288 of file PhpassSalt.php.
Referenced by PhpassSalt\applySettingsToSalt(), PhpassSalt\cryptPassword(), PhpassSalt\getCountLog2(), PhpassSalt\isValidSalt(), and PhpassSalt\isValidSaltedPW().
isAvailable | ( | ) |
Returns whether all prerequisites for the hashing methods are matched
Implements SaltInterface.
Definition at line 133 of file PhpassSalt.php.
isHashUpdateNeeded | ( | $passString | ) |
Checks whether a user's hashed password needs to be replaced with a new hash.
This is typically called during the login process when the plain text password is available. A new hash is needed when the desired iteration count has changed through a change in the variable $hashCount or HASH_COUNT or if the user's password hash was generated in an bulk update with class ext_update.
string | $passString | Salted hash to check if it needs an update |
Implements SaltInterface.
Definition at line 305 of file PhpassSalt.php.
References PhpassSalt\getCountLog2(), and PhpassSalt\getHashCount().
isValidSalt | ( | $salt | ) |
Method determines if a given string is a valid salt.
string | $salt | String to check |
Implements SaltInterface.
Definition at line 321 of file PhpassSalt.php.
References PhpassSalt\getItoa64(), AbstractSalt\getLengthBase64FromBytes(), PhpassSalt\getSaltLength(), and PhpassSalt\getSetting().
Referenced by PhpassSalt\getHashedPassword(), and PhpassSalt\isValidSaltedPW().
isValidSaltedPW | ( | $saltedPW | ) |
Method determines if a given string is a valid salted hashed password.
string | $saltedPW | String to check |
Implements SaltInterface.
Definition at line 351 of file PhpassSalt.php.
References PhpassSalt\getSetting(), and PhpassSalt\isValidSalt().
setHashCount | ( | $hashCount = null | ) |
Method sets log2 number of iterations for password stretching.
int | $hashCount | log2 number of iterations for password stretching to set |
Definition at line 369 of file PhpassSalt.php.
References PhpassSalt\$hashCount, PhpassSalt\getMaxHashCount(), and PhpassSalt\getMinHashCount().
setMaxHashCount | ( | $maxHashCount = null | ) |
Method sets maximum allowed log2 number of iterations for password stretching.
int | $maxHashCount | Maximum allowed log2 number of iterations for password stretching to set |
Definition at line 382 of file PhpassSalt.php.
References PhpassSalt\$maxHashCount.
setMinHashCount | ( | $minHashCount = null | ) |
Method sets minimum allowed log2 number of iterations for password stretching.
int | $minHashCount | Minimum allowed log2 number of iterations for password stretching to set |
Definition at line 395 of file PhpassSalt.php.
References PhpassSalt\$minHashCount.
|
staticprotected |
Definition at line 59 of file PhpassSalt.php.
Referenced by PhpassSalt\setHashCount().
|
staticprotected |
Definition at line 67 of file PhpassSalt.php.
Referenced by PhpassSalt\setMaxHashCount().
|
staticprotected |
Definition at line 75 of file PhpassSalt.php.
Referenced by PhpassSalt\setMinHashCount().
|
staticprotected |
Definition at line 82 of file PhpassSalt.php.
|
staticprotected |
Definition at line 89 of file PhpassSalt.php.
const HASH_COUNT = 14 |
The default log2 number of iterations for password stretching.
Definition at line 39 of file PhpassSalt.php.
const ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' |
Keeps a string for mapping an int to the corresponding base 64 character.
Definition at line 34 of file PhpassSalt.php.
const MAX_HASH_COUNT = 24 |
The default maximum allowed log2 number of iterations for password stretching.
Definition at line 45 of file PhpassSalt.php.
const MIN_HASH_COUNT = 7 |
The default minimum allowed log2 number of iterations for password stretching.
Definition at line 51 of file PhpassSalt.php.