
First commit

0 parents commit c67554b9fd859db02231284ce1768153284ae8a6 @phpnode committed Mar 21, 2012
@@ -0,0 +1,77 @@
+<?php
+/**
+ * A password strategy that uses bcrypt.
+ * The default implementation uses a work factor of 12, you should adjust
+ * this based on your security requirements
+ * @author Charles Pick
+ * @package packages.passwordStrategy
+ */
+class ABcryptPasswordStrategy extends APasswordStrategy
+{
+ /**
+ * The work factor used when hashing passwords.
+ * The higher the work factor the more computationally expensive
+ * it is to encode and validate passwords. So it makes your passwords
+ * harder to crack, but it can also be a burden on your own server.
+ *
+ * @var integer
+ */
+ public $workFactor = 12;
+ /**
+ * Generates a random salt.
+ * @return string the generated salt
+ */
+ protected function generateSalt()
+ {
+ $salt = '$2a$'.str_pad($this->workFactor,2,'0',STR_PAD_LEFT).'$';
+ $salt .= substr(strtr(base64_encode($this->getRandomBytes(16)),'+','.'),0,22);
+ return $salt;
+ }
+ /**
+ * Gets a number of random bytes
+ * @param integer $count the number of bytes to return
+ * @return bool|string
+ */
+ protected function getRandomBytes($count = 16)
+ {
+ $bytes = "";
+ if (function_exists("openssl_random_pseudo_bytes") && strtoupper(substr(PHP_OS,0,3)) !== "WIN") {
+ $bytes = openssl_random_pseudo_bytes($count);
+ }
+ else if(
+ $bytes == ""
+ && is_readable("/dev/urandom")
+ && ($handle = fopen("/dev/urandom", "rb")) !== false
+ ) {
+ $bytes = fread($handle,$count);
+ fclose($handle);
+ }
+
+ if (strlen($bytes) < $count) {
+ $key = uniqid(Yii::app()->name, true);
+
+ // we need to pad with some pseudo random bytes
+ while(strlen($bytes) < $count) {
+ $value = $bytes;
+ for($i = 0; $i < 12; $i++) {
+ $value = hash_hmac("salsa20",microtime().$value,$key,true);
+ usleep(10); // make sure microtime() returns a new value
+ }
+ $bytes = substr($value,0,$count);
+ }
+ }
+ return $bytes;
+ }
+
+ /**
+ * Encode a plain text password.
+ * Child classes should implement this method and do their encoding here
+ * @param string $password the plain text password to encode
+ * @return string the encoded password
+ */
+ public function encode($password)
+ {
+ return crypt($password,$this->getSalt());
+ }
+
+}
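Review bot: In getRandomBytes the /dev/urandom branch is an `else if` hanging off the openssl branch, so when openssl_random_pseudo_bytes returns false (or reports weak output — its `$crypto_strong` by-ref flag is never read) the urandom fallback is skipped entirely and the code drops straight to the HMAC-over-microtime filler, which is not a CSPRNG. That filler also never terminates if "salsa20" is not in hash_algos() on the target build: hash_hmac returns false, substr of false yields an empty string, and the while condition stays true; a separate `if`, reading the strong flag, an always-available algorithm and a false check fix both. encode() returns crypt()'s result unchecked, and crypt signals a bad salt or missing bcrypt with a short `*0`/`*1` string, so add `$hash = crypt($password,$this->getSalt()); if (strlen($hash) !== 60) { throw new RuntimeException("bcrypt hashing failed"); } return $hash;` (getSalt() is defined outside this hunk, presumably in APasswordStrategy). Consider the `$2y$` prefix in place of `$2a$` where PHP >= 5.3.7 is available, since older `$2a$` implementations had a known flaw with 8-bit characters.
```php
        $bytes = "";
        if (function_exists("openssl_random_pseudo_bytes") && strtoupper(substr(PHP_OS,0,3)) !== "WIN") {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes($count, $strong);
            if ($bytes === false || !$strong) {
                $bytes = ""; // fall through to /dev/urandom rather than accept weak output
            }
        }
        // a plain `if`, not `else if`, so the urandom fallback is reached when openssl failed
        if ($bytes == "" && is_readable("/dev/urandom") && ($handle = fopen("/dev/urandom", "rb")) !== false) {
            $bytes = (string) fread($handle,$count);
            fclose($handle);
        }
        // … unchanged: strlen($bytes) < $count check, $key, while/for loop header …
                    $value = hash_hmac("sha256",microtime().$value,$key,true);
                    if ($value === false) {
                        throw new RuntimeException("No usable HMAC algorithm available");
                    }
        // … unchanged: usleep(10), substr, return $bytes …
```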
@@ -0,0 +1,50 @@
+<?php
+/**
+ * A password strategy based on multiple rounds of hashes.
+ * The default implementation encodes passwords using 100 rounds of sha1
+ * @author Charles Pick
+ * @package packages.passwordStrategy
+ */
+class AHashPasswordStrategy extends APasswordStrategy {
+
+ /**
+ * The work factor used when hashing passwords.
+ * The higher the work factor the more computationally expensive
+ * it is to encode and validate passwords. So it makes your passwords
+ * harder to crack, but it can also be a burden on your own server.
+ *
+ * @var integer
+ */
+ public $workFactor = 100;
+
+ /**
+ * The hash method to use when encoding passwords
+ * @var Callable
+ */
+ public $hashMethod = array("sha1");
+
+ /**
+ * Generates a random salt to use when noncing passwords
+ * @return string the random salt
+ */
+ protected function generateSalt()
+ {
+ return sha1(uniqid("",true));
+ }
+
+ /**
+ * Encode a plain text password.
+ * Child classes should implement this method and do their encoding here
+ * @param string $password the plain text password to encode
+ * @return string the encoded password
+ */
+ public function encode($password)
+ {
+ $hash = $this->getSalt()."###".$password;
+ for($i = 0; $i < $this->workFactor; $i++) {
+ $hash = sha1($hash);
+ }
+ return $hash;
+ }
+
+}
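Review bot: `$hashMethod` (defaulted to `array("sha1")`) is never read — encode() hardcodes `sha1($hash)` inside the loop — and `array("sha1")` is not a valid PHP callable in any case (an array callable needs a class or object plus a method name), so a caller that configures it gets no effect. Either drop the property or make it `public $hashMethod = "sha1";` and use it in the loop as `$hash = call_user_func($this->hashMethod, $hash);`. Separately, generateSalt() derives the salt from `uniqid("",true)`, which is built from the clock plus lcg_value() and is predictable rather than random; the bcrypt strategy added in this same commit has a getRandomBytes() helper that would be the better source here. getSalt() is defined outside this hunk.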
@@ -0,0 +1,22 @@
+<?php
+/**
+ * A legacy password strategy based unsalted md5.
+ * You should NOT use this strategy in modern web applications, it is provided
+ * to allow systems using this old, now broken standard to upgrade to a more
+ * secure strategy.
+ *
+ * @author Charles Pick
+ * @package packages.passwordStrategy
+ */
+class ALegacyMd5PasswordStrategy extends APasswordStrategy {
+ /**
+ * Encode a plain text password.
+ * @param string $password the plain text password to encode
+ * @return string the encoded password
+ */
+ public function encode($password)
+ {
+ return md5($password);
+ }
+
+}
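Review bot: The class docblock says this strategy must not be used in new code, but nothing makes that machine-checkable; add `@deprecated Retained only so existing unsalted md5 hashes can be verified and migrated; use a salted strategy for new passwords` to the class docblock so IDEs and static analysers flag new call sites. The same applies to ALegacySha1PasswordStrategy in the following hunk. The first docblock sentence also reads "based unsalted md5" where "based on unsalted md5" is meant; the sha1 hunk repeats that typo.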
@@ -0,0 +1,22 @@
+<?php
+/**
+ * A legacy password strategy based unsalted sha1.
+ * You should NOT use this strategy in modern web applications, it is provided
+ * to allow systems using this old, now broken standard to upgrade to a more
+ * secure strategy.
+ *
+ * @author Charles Pick
+ * @package packages.passwordStrategy
+ */
+class ALegacySha1PasswordStrategy extends APasswordStrategy {
+ /**
+ * Encode a plain text password.
+ * @param string $password the plain text password to encode
+ * @return string the encoded password
+ */
+ public function encode($password)
+ {
+ return sha1($password);
+ }
+
+}
