sodium_crypto_pwhash_str - PHP code example

php Function Sodium Crypto Pwhash Str

The php function sodium_crypto_pwhash_str generates a random password hash for use with salt. Depending on the chosen salt, this function can also be used to verify the hash. The salt should be randomly generated and stored in a secret location (preferably not on the web server). The result of the function is an ASCII-encoded string that can then be stored as part of a database or file for later verification.

Sodium is a high-level library of functions that perform cryptography operations such as encryption and verification. It's usually bundled with PHP as an extension and is a great choice for password hashing and authentication, because it uses a modern, secure, easy to configure algorithm called Argon2. As of PHP 7.2, the standard password_hash() function supports argon2 by default, which is a huge improvement over previous choices like MD5 or SHA-1.

The crypto_pwhash_str function takes three input arguments:

sodium_crypto_pwhash_str example

    public static function crypto_pwhash_str($passwd, $opslimit, $memlimit)
    {
        ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 1);
        ParagonIE_Sodium_Core_Util::declareScalarType($opslimit, 'int', 2);
        ParagonIE_Sodium_Core_Util::declareScalarType($memlimit, 'int', 3);

        if (self::useNewSodiumAPI()) {
            return sodium_crypto_pwhash_str($passwd, $opslimit, $memlimit);
        }
        if (self::use_fallback('crypto_pwhash_str')) {
            return (string) call_user_func('\\Sodium\\crypto_pwhash_str', $passwd, $opslimit, $memlimit);
        }
        // This is the best we can do.         throw new SodiumException(
            'This is not implemented, as it is not possible to implement Argon2i with acceptable performance in pure-PHP'
        );
    }

    /** * Do we need to rehash this password? * * @param string $hash * @param int $opslimit * @param int $memlimit * @return bool * @throws SodiumException */

        return version_compare(\extension_loaded('sodium') ? \SODIUM_LIBRARY_VERSION : phpversion('libsodium'), '1.0.14', '>=');
    }

    public function hash(#[\SensitiveParameter] string $plainPassword): string     {
        if ($this->isPasswordTooLong($plainPassword)) {
            throw new InvalidPasswordException();
        }

        if (\function_exists('sodium_crypto_pwhash_str')) {
            return sodium_crypto_pwhash_str($plainPassword, $this->opsLimit, $this->memLimit);
        }

        if (\extension_loaded('libsodium')) {
            return \Sodium\crypto_pwhash_str($plainPassword, $this->opsLimit, $this->memLimit);
        }

        throw new LogicException('Libsodium is not available. You should either install the sodium extension or use a different password hasher.');
    }

    public function verify(string $hashedPassword, #[\SensitiveParameter] string $plainPassword): bool     {