Skip to content

theshem/CodeIgniter-PBKDF2-Library

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits

libraries

libraries

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

MIT-LICENSE.txt

MIT-LICENSE.txt

 
 

README.md

README.md

 
 

Repository files navigation

#CodeIgniter PBKDF2 Library PBKDF2 PHP Class Library for CodeIgniter.

PBKDF2 (Password-Based Key Derivation Function) is a key stretching algorithm. It can be used to hash passwords in a computationally intensive manner, so that dictionary and brute-force attacks are less effective.

##HOW TO USE

###1) Customizing the PBKDF2 (optional)

The following is a list of all the preferences you can pass to the initialization function to customize PBKDF2 encryption.

// HMAC hashing algorithm
$config['algorithm'];

PBKDF2 uses SHA-256 by default; If the algorithm does not exist, sha256 will be set.

// Number of iterations to make 
$config['iterations'];

It is set to 1000 by default, recommended by RFC#2898.

// Length of hashed password
$config['hash_length'];

It is set to 32 characters (128-bit) by default.

// Length of hashed salt
$config['salt_length'];

It is set to 32 characters (128-bit) by default.

####Usage: Example of Initializing the library

// Load library into controller
$this->load->library('pbkdf2');

$config['algorithm'] = 'whirlpool';
$config['iterations'] = 500;
$config['hash_length'] = 64;
$config['salt_length'] = 16;

$this->pbkdf2->initialize($config);

###2) Explanation of Encrypt Method

Syntax:

encrypt( string $password [, mixed $good_hash = NULL [, bool $object_output = FALSE]] )

Usage:

  • First

     $pbkdf2 = $this->pbkdf2->encrypt($password);

    Return: An associative array with 'salt', 'password', 'hash' keys which vaule of 'hash' is concatenation of 'salt' and 'password'.

  • Second

     $pbkdf2 = $this->pbkdf2->encrypt($password, TRUE);

    Return: An object (stdClass) with 'salt', 'password', 'hash' properties which vaule of 'hash' is concatenation of 'salt' and 'password'.

  • Third

     $pbkdf2 = $this->pbkdf2->encrypt($password, $good_hash);

    Using $good_hash which has been fetched from database to generate $password hash while $good_hash could be salt or hash (concatenation of salt and password).

    Return: An associative array with 'salt', 'password', 'hash' keys which vaule of 'hash' is concatenation of 'salt' and 'password'.

  • Fourth

     $pbkdf2 = $this->pbkdf2->encrypt($password, $good_hash, TRUE);

    Using $good_hash which has been fetched from database to generate $password hash while $good_hash could be salt or hash (concatenation of salt and password).

    Return: An object (stdClass) with 'salt', 'password', 'hash' properties which vaule of 'hash' is concatenation of 'salt' and 'password'.

salt and password indexes/properties are 128-bit|16-byte|32-char hash value by default. so hash would be double (256-bit).

###3) Register user

####Step 1:

Load pbkdf2 library into your controller:

$this->load->library('pbkdf2');

####Step 2:

Encrypt user's password sent from login.

// get password, which has been sent via POST method
$password = $this->input->post('password', TRUE);

$pbkdf2 = $this->pbkdf2->encrypt($password);

Register user by using $pbkdf2['password'] as user's password and storing $pbkdf2['salt'] in seperate column for lateral using

OR

Register user by using $pbkdf2['hash'] as user's password which has been recommended; no need to store user's salt seperately.

NOTE: Usernames MUST be unique. be ensured that users aren't able to choose duplicate usernames. make some restrictions on registering users.

###4) Logging in user

####Step 1:

Load pbkdf2 library into your controller:

$this->load->library('pbkdf2');

####Step 2:

Fetch user's password using posted username.

Assuming a model named user.php exists, which returns an associative array contains user's password and whatever-you-need from database using posted username.

$username = $this->input->post('username', TRUE);
// get password for the next step
$password = $this->input->post('password', TRUE);
$user = $this->user->get_user($username);

NOTE: Usernames MUST be unique. be ensured that users aren't able to choose duplicate usernames. make some strictions on registering users.

####Step 3:

Check if the given password is exactly equal to password stored in database.

In the example below, it is assumed that concatenation of salt and password which called hash is used as user's password. the encrypt method select the salt automatically.

NOTE: If you want to store salt in database separately, you MUST pass the salt as second parameter to encrypt method.

$pbkdf2 = $this->pbkdf2->encrypt($password, $user['password']);

// check if user exists
if ($user) {
	
	if ($pbkdf2['hash'] === $user['password']) {

		// do login and/or blag blah blah...

	}
}

License

CodeIgniter PBKDF2 Library was created by Hashem Qolami and released under the MIT License, based on RFC#2898.
Any suggestions are welcome. create an issue if you have any problems/ideas.

Thanks,
-Hashem Qolami <hashem@qolami.com>

About

PBKDF2 PHP Class Library for CodeIgniter. PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function

Resources

Readme

License

MIT license
Activity

Stars

11 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages