security/pbkdf2
Composer 安装命令:
composer require security/pbkdf2
包简介
An implementation of PBKDF2 invented by RSA Laboratories. Useful for password strengthening.
关键字:
README 文档
README
An implementation of PBKDF2 invented by RSA Laboratories. Useful for password stretching / strengthening.
The technique is useful for making user passwords and keys much tougher to reverse. This is very valuable for preventing high profile and embarrassing releases of user passwords.
For more detailed information, please visit the geniuses at RSA Labs: http://www.ietf.org/rfc/rfc2898.txt.
Usage
Usage of this library is very simple.
###Strengthen a new password
$pass = $_POST['user_created_password']; $salt = Pbkdf2::generateRandomSalt(); $passHash = Pbkdf2::hash($pass, $salt); unset($pass); // store $passHash and $salt in the database
###Test a password for match
// get $passHash and $salt from the database $isMatch = Pbkdf2::isMatch($_POST['user_password'], $passHash, $salt); if ($isMatch) { // grant login attempt } else { // reject login attempt }
Additional Security
You can also pass an optional arguments for additional security, with a trade-off of performance.
define('CRAZY_LONG_HASH', 'p,gx>vrQ<ayWY9hCd8YZ3KJGNsczWddv?)rMCLVujcPX/=BGVE'); define('CRAZY_HASH_ITERATIONS', 100000); $pass = $_POST['user_created_password']; $salt = Pbkdf2::generateRandomSalt(); $passHash = Pbkdf2::hash($pass, $salt, CRAZY_HASH_ITERATIONS, CRAZY_LONG_HASH); unset($pass); // store $passHash and $salt in the database
Make sure you use the same number of iterations
// get $passHash and $salt from the database $isMatch = Pbkdf2::isMatch($_POST['user_password'], $passHash, $salt, CRAZY_HASH_ITERATIONS); if ($isMatch) { // grant login attempt } else { // reject login attempt }
统计信息
- 总下载量: 80
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 0
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2012-08-24