PHP Function Hash_PBKDF2

Hashing function is used to check if two strings are equal. The string is divided into a number of segments and each segment is compared with the target string. If the string is not equal to the target it will return FALSE. This is a common method used in web application security to protect against attacks and vulnerabilities.

The php function hash_pbkdf2 takes a password and generates a binary key which is double the size of the original password. The algorithm takes into account a salt and the number of iterations so that if the password is known then it will be hard to decipher the key using brute force methods. This is a great solution for applications that require passwords to be encrypted because it prevents unauthorized access to the database.

This function uses the openssl_pbkdf2 adapter which is part of the pgp library. The pgp library is a library of functions that provide cryptographical services to PHP programs.

openssl_pbkdf2 computes PBKDF2 (Password-Based Key Derivation Function 2), a key derivation function defined in PKCS5 v2. It recommends a crytographic salt and a number of iterations. The derived key is returned as a raw binary string or false on failure.

The hash_pbkdf2() function takes six parameters, as follows: $algo – name of the selected hashing algorithm (like "md5", "sha256", "sha1"). $password – the password that will be used to create the PBKDF2 key derivation. $salt – a salt value that is a random per-session secret. $itr – the number of internal iterations to be performed. The derived key is returned as hex data or, if $raw_output is set to TRUE, in raw binary form.

Andreas Behr - CTO of DesertCoderz
You are a developer and looking for Shopware projects?
Apply Now!

hash_pbkdf2 example

public function hash(#[\SensitiveParameter] string $plainPassword, string $salt = null): string     {
        if ($this->isPasswordTooLong($plainPassword)) {
            throw new InvalidPasswordException();
        }

        if (!\in_array($this->algorithm, hash_algos(), true)) {
            throw new LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
        }

        $digest = hash_pbkdf2($this->algorithm, $plainPassword$salt ?? '', $this->iterations, $this->length, true);

        return $this->encodeHashAsBase64 ? base64_encode($digest) : bin2hex($digest);
    }

    public function verify(string $hashedPassword, #[\SensitiveParameter] string $plainPassword, string $salt = null): bool     {
        if (\strlen($hashedPassword) !== $this->encodedLength || str_contains($hashedPassword, '$')) {
            return false;
        }

        return !$this->isPasswordTooLong($plainPassword) && hash_equals($hashedPassword$this->hash($plainPassword$salt));
    }
Home | Imprint | This part of the site doesn't use cookies.