Skip to content
An implementation of PBKDF2 invented by RSA Laboratories. Useful for password strengthening.
PHP
Find file
Latest commit f618579 Aug 24, 2012 @thesmart fixing keywoards and url

README.md

php-PBKDF2

An implementation of PBKDF2 invented by RSA Laboratories. Useful for password stretching / strengthening.

The technique is useful for making user passwords and keys much tougher to reverse. This is very valuable for preventing high profile and embarrassing releases of user passwords.

For more detailed information, please visit the geniuses at RSA Labs: http://www.ietf.org/rfc/rfc2898.txt.

Usage

Usage of this library is very simple.

Strengthen a new password

$pass = $_POST['user_created_password'];
$salt = Pbkdf2::generateRandomSalt();
$passHash = Pbkdf2::hash($pass, $salt);
unset($pass);
// store $passHash and $salt in the database

Test a password for match

// get $passHash and $salt from the database
$isMatch = Pbkdf2::isMatch($_POST['user_password'], $passHash, $salt);
if ($isMatch) {
    // grant login attempt
} else {
    // reject login attempt
}

Additional Security

You can also pass an optional arguments for additional security, with a trade-off of performance.

define('CRAZY_LONG_HASH', 'p,gx>vrQ<ayWY9hCd8YZ3KJGNsczWddv?)rMCLVujcPX/=BGVE');
define('CRAZY_HASH_ITERATIONS', 100000);

$pass = $_POST['user_created_password'];
$salt = Pbkdf2::generateRandomSalt();
$passHash = Pbkdf2::hash($pass, $salt, CRAZY_HASH_ITERATIONS, CRAZY_LONG_HASH);
unset($pass);
// store $passHash and $salt in the database

Make sure you use the same number of iterations

// get $passHash and $salt from the database
$isMatch = Pbkdf2::isMatch($_POST['user_password'], $passHash, $salt, CRAZY_HASH_ITERATIONS);
if ($isMatch) {
    // grant login attempt
} else {
    // reject login attempt
}
Something went wrong with that request. Please try again.