pimenvibritania/password-stretcher
Composer 安装命令:
composer require pimenvibritania/password-stretcher
包简介
Passwords are "hashed" with PBKDF2
README 文档
README
Passwords are "hashed" with PBKDF2 (64,000 iterations of SHA1 by default) using a cryptographically-random salt.
Usage
To create a hash, when a new account is added to your system, you call the
CreateHash() method provided by this library. To verify a password, you call
VerifyPassword() method provided by this library.
Customization
Each implementation provides several constants that can be changed. Only change these if you know what you are doing, and have help from an expert:
-
PBKDF2_HASH_ALGORITHM: The hash function PBKDF2 uses. By default, it is SHA1 for compatibility across implementations, but you may change it to SHA256 if you don't care about compatibility. Although SHA1 has been cryptographically broken as a collision-resistant function, it is still perfectly safe for password storage with PBKDF2. -
PBKDF2_ITERATIONS: The number of PBKDF2 iterations. By default, it is 32,000. To provide greater protection of passwords, at the expense of needing more processing power to validate passwords, increase the number of iterations. The number of iterations should not be decreased. -
PBKDF2_SALT_BYTES: The number of bytes of salt. By default, 24 bytes, which is 192 bits. This is more than enough. This constant should not be changed. -
PBKDF2_HASH_BYTES: The number of PBKDF2 output bytes. By default, 18 bytes, which is 144 bits. While it may seem useful to increase the number of output bytes, doing so can actually give an advantage to the attacker, as it introduces unnecessary (avoidable) slowness to the PBKDF2 computation. 144 bits was chosen because it is (1) Less than SHA1's 160-bit output (to avoid unnecessary PBKDF2 overhead), and (2) A multiple of 6 bits, so that the base64 encoding is optimal.
Note that these constants are encoded into the hash string when it is created
with CreateHash so that they can be changed without breaking existing hashes.
The new (changed) values will apply only to newly-created hashes.
Hash Format
The hash format is five fields separated by the colon (':') character.
algorithm:iterations:hashSize:salt:hash
Where:
algorithmis the name of the cryptographic hash function ("sha1").iterationsis the number of PBKDF2 iterations ("64000").hashSizeis the length, in bytes, of thehashfield (after decoding).saltis the salt, base64 encoded.hashis the PBKDF2 output, base64 encoded. It must encodehashSizebytes.
Here are some example hashes (all of the password "foobar"):
sha1:64000:18:B6oWbvtHvu8qCgoE75wxmvpidRnGzGFt:R1gkPOuVjqIoTulWP1TABS0H
sha1:64000:18:/GO9XQOPexBFVzRjC9mcOkVEi7ZHQc0/:0mY83V5PvmkkHRR41R1iIhx/
sha1:64000:18:rxGkJ9fMTNU7ezyWWqS7QBOeYKNUcVYL:tn+Zr/xo99LI+kSwLOUav72X
sha1:64000:18:lFtd+Qf93yfMyP6chCxJP5nkOxri6Zbh:B0awZ9cDJCTdfxUVwVqO+Mb5
More Information
For more information on secure password storage, see Crackstation's page on Password Hashing Security.
pimenvibritania/password-stretcher 适用场景与选型建议
pimenvibritania/password-stretcher 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 6 次下载、GitHub Stars 达 0, 最近一次更新时间为 2020 年 09 月 05 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「php」 「password」 「hash」 「encryption」 「pbkdf2」 「encrypt」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 pimenvibritania/password-stretcher 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 pimenvibritania/password-stretcher 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 pimenvibritania/password-stretcher 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
The PHP class PasswordGenerator serves as a password generator to create memorable passwords like the keychain of macOS ≤ 10.14 did.
Laravel middleware to restrict a site or specific routes using HTTP basic authentication
Article CSS-ID Frontend Output Optimization
High-level cryptographic primitives and security utilities for Maatify systems including password hashing, reversible encryption, HKDF key derivation, and key rotation.
♺ Laravel Nova Hashids card. Convert your ids.
A library for reading KeePass 2.x databases
统计信息
- 总下载量: 6
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 1
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: Unknown
- 更新时间: 2020-09-05