An implementation of PBKDF2 invented by RSA Laboratories. Useful for password strengthening.
Switch branches/tags
Nothing to show
Pull request Compare This branch is even with thesmart:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
tests
.gitignore
README.md
composer.json

README.md

php-PBKDF2

An implementation of PBKDF2 invented by RSA Laboratories. Useful for password stretching / strengthening.

The technique is useful for making user passwords and keys much tougher to reverse. This is very valuable for preventing high profile and embarrassing releases of user passwords.

For more detailed information, please visit the geniuses at RSA Labs: http://www.ietf.org/rfc/rfc2898.txt.

Usage

Usage of this library is very simple.

###Strengthen a new password

$pass = $_POST['user_created_password'];
$salt = Pbkdf2::generateRandomSalt();
$passHash = Pbkdf2::hash($pass, $salt);
unset($pass);
// store $passHash and $salt in the database

###Test a password for match

// get $passHash and $salt from the database
$isMatch = Pbkdf2::isMatch($_POST['user_password'], $passHash, $salt);
if ($isMatch) {
	// grant login attempt
} else {
	// reject login attempt
}

Additional Security

You can also pass an optional arguments for additional security, with a trade-off of performance.

define('CRAZY_LONG_HASH', 'p,gx>vrQ<ayWY9hCd8YZ3KJGNsczWddv?)rMCLVujcPX/=BGVE');
define('CRAZY_HASH_ITERATIONS', 100000);

$pass = $_POST['user_created_password'];
$salt = Pbkdf2::generateRandomSalt();
$passHash = Pbkdf2::hash($pass, $salt, CRAZY_HASH_ITERATIONS, CRAZY_LONG_HASH);
unset($pass);
// store $passHash and $salt in the database

Make sure you use the same number of iterations

// get $passHash and $salt from the database
$isMatch = Pbkdf2::isMatch($_POST['user_password'], $passHash, $salt, CRAZY_HASH_ITERATIONS);
if ($isMatch) {
	// grant login attempt
} else {
	// reject login attempt
}