Skip to content
This repository
Fetching contributors…

Cannot retrieve contributors at this time

file 236 lines (214 sloc) 8.599 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236
<?php
/**
* Lithium: the most rad php framework
*
* @copyright Copyright 2012, Union of RAD (http://union-of-rad.org)
* @license http://opensource.org/licenses/bsd-license.php The BSD License
*/

namespace lithium\security;

use lithium\util\String;

/**
* `Password` utility class that makes use of PHP's `crypt()` function. Includes a
* cryptographically strong salt generator, and utility functions to hash and check
* passwords.
*/
class Password {

/**
* The default log2 number of iterations for Blowfish encryption.
*/
const BF = 10;

/**
* The default log2 number of iterations for XDES encryption.
*/
const XDES = 18;

/**
* Hashes a password using PHP's `crypt()` and an optional salt. If no
* salt is supplied, a cryptographically strong salt will be generated
* using `lithium\security\Password::salt()`.
*
* Using this function is the proper way to hash a password. Using naïve
* methods such as sha1 or md5, as is done in many web applications, is
* improper due to the lack of a cryptographically strong salt.
*
* Using `lithium\security\Password::hash()` ensures that:
*
* - Two identical passwords will never use the same salt, thus never
* resulting in the same hash; this prevents a potential attacker from
* compromising user accounts by using a database of most commonly used
* passwords.
* - The salt generator's count iterator can be increased within Lithium
* or your application as computer hardware becomes faster; this results
* in slower hash generation, without invalidating existing passwords.
*
* Usage:
*
* {{{
* // Hash a password before storing it:
* $hashed = Password::hash($password);
*
* // Check a password by comparing it to its hashed value:
* $check = Password::check($password, $hashed);
*
* // Use a stronger custom salt:
* $salt = Password::salt('bf', 16); // 2^16 iterations
* $hashed = Password::hash($password, $salt); // Very slow
* $check = Password::check($password, $hashed); // Very slow
*
* // Forward/backward compatibility
* $salt1 = Password::salt('bf', 6);
* $salt2 = Password::salt('bf', 12);
* $hashed1 = Password::hash($password, $salt1); // Fast
* $hashed2 = Password::hash($password, $salt2); // Slow
* $check1 = Password::check($password, $hashed1); // True
* $check2 = Password::check($password, $hashed2); // True
* }}}
*
* @see lithium\security\Password::check()
* @see lithium\security\Password::salt()
* @link http://php.net/manual/function.crypt.php
* @param string $password The password to hash.
* @param string $salt Optional. The salt string.
* @return string The hashed password.
* The result's length will be:
* - 60 chars long for Blowfish hashes
* - 20 chars long for XDES hashes
* - 34 chars long for MD5 hashes
*/
public static function hash($password, $salt = null) {
return crypt($password, $salt ?: static::salt());
}

/**
* Compares a password and its hashed value using PHP's `crypt()`. Rather than a simple string
* comparison, this method uses a constant-time algorithm to defend against timing attacks.
*
* @see lithium\security\Password::hash()
* @see lithium\security\Password::salt()
* @param string $password The password to check.
* @param string $hash The hashed password to compare it to.
* @return boolean Returns a boolean indicating whether the password is correct.
*/
public static function check($password, $hash) {
return String::compare(crypt($password, $hash), $hash);
}

/**
* Generates a cryptographically strong salt, using the best available
* method (tries Blowfish, then XDES, and fallbacks to MD5), for use in
* `Password::hash()`.
*
* Blowfish and XDES are adaptive hashing algorithms. MD5 is not. Adaptive
* hashing algorithms are designed in such a way that when computers get
* faster, you can tune the algorithm to be slower by increasing the number
* of hash iterations, without introducing incompatibility with existing
* passwords.
*
* To pick an appropriate iteration count for adaptive algorithms, consider
* that the original DES crypt was designed to have the speed of 4 hashes
* per second on the hardware of that time. Slower than 4 hashes per second
* would probably dampen usability. Faster than 100 hashes per second is
* probably too fast. The defaults generate about 10 hashes per second
* using a dual-core 2.2GHz CPU.
*
* _Note 1_: this salt generator is different from naive salt implementations
* (e.g. `md5(microtime())`) in that it uses all of the available bits of
* entropy for the supplied salt method.
*
* _Note2_: this method should not be use to generate custom salts. Indeed,
* the resulting salts are prefixed with information expected by PHP's
* `crypt()`. To get an arbitrarily long, cryptographically strong salt
* consisting in random sequences of alpha numeric characters, use
* `lithium\util\String::random()` instead.
*
* @link http://php.net/manual/en/function.crypt.php
* @link http://www.postgresql.org/docs/9.0/static/pgcrypto.html
* @see lithium\security\Password::hash()
* @see lithium\security\Password::check()
* @see lithium\util\String::random()
* @param string $type The hash type. Optional. Defaults to the best
* available option. Supported values, along with their maximum
* password lengths, include:
* - `'bf'`: Blowfish (128 salt bits, max 72 chars)
* - `'xdes'`: XDES (24 salt bits, max 8 chars)
* - `'md5'`: MD5 (48 salt bits, unlimited length)
* @param integer $count Optional. The base-2 logarithm of the iteration
* count, for adaptive algorithms. Defaults to:
* - `10` for Blowfish
* - `18` for XDES
* @return string The salt string.
*/
public static function salt($type = null, $count = null) {
switch (true) {
case CRYPT_BLOWFISH == 1 && (!$type || $type === 'bf'):
return static::_genSaltBf($count);
case CRYPT_EXT_DES == 1 && (!$type || $type === 'xdes'):
return static::_genSaltXDES($count);
default:
return static::_genSaltMD5();
}
}

/**
* Generates a Blowfish salt for use in `lithium\security\Password::hash()`. _Note_: Does not
* use the `'encode'` option of `String::random()` because it could result in 2 bits less of
* entropy depending on the last character.
*
* @param integer $count The base-2 logarithm of the iteration count.
* Defaults to `10`. Can be `4` to `31`.
* @return string The Blowfish salt.
*/
protected static function _genSaltBf($count = null) {
$count = (integer) $count;
$count = ($count < 4 || $count > 31) ? static::BF : $count;

$base64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$i = 0;

$input = String::random(16);
$output = '';

do {
$c1 = ord($input[$i++]);
$output .= $base64[$c1 >> 2];
$c1 = ($c1 & 0x03) << 4;
if ($i >= 16) {
$output .= $base64[$c1];
break;
}

$c2 = ord($input[$i++]);
$c1 |= $c2 >> 4;
$output .= $base64[$c1];
$c1 = ($c2 & 0x0f) << 2;

$c2 = ord($input[$i++]);
$c1 |= $c2 >> 6;
$output .= $base64[$c1];
$output .= $base64[$c2 & 0x3f];
} while (1);

$result = '$2a$';
$result .= chr(ord('0') + $count / static::BF);
$result .= chr(ord('0') + $count % static::BF);
$result .= '$' . $output;

return $result;
}

/**
* Generates an Extended DES salt for use in `lithium\security\Password::hash()`.
*
* @param integer $count The base-2 logarithm of the iteration count. Defaults to `18`. Can be
* `1` to `24`. 1 will be stripped from the non-log value, e.g. 2^18 - 1, to
* ensure we don't use a weak DES key.
* @return string The XDES salt.
*/
protected static function _genSaltXDES($count = null) {
$count = (integer) $count;
$count = ($count < 1 || $count > 24) ? static::XDES : $count;

$count = (1 << $count) - 1;
$base64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

$output = '_' . $base64[$count & 0x3f] . $base64[($count >> 6) & 0x3f];
$output .= $base64[($count >> 12) & 0x3f] . $base64[($count >> 18) & 0x3f];
$output .= String::random(3, array('encode' => String::ENCODE_BASE_64));

return $output;
}

/**
* Generates an MD5 salt for use in `lithium\security\Password::hash()`.
*
* @return string The MD5 salt.
*/
protected static function _genSaltMD5() {
return '$1$' . String::random(6, array('encode' => String::ENCODE_BASE_64));
}
}

?>
Something went wrong with that request. Please try again.