PHP Function sodium_crypto_pwhash_str_verify

PHP Function sodium_crypto_pwhash_str_verify checks whether a password hash is the same as a given plain-text password. It uses the Argon2 ID algorithm, which is resistant to GPU attacks. It is a more secure alternative to the scrypt password hashing algorithm. It is also more resistant to side-channel attacks such as cache timing. The function has a number of arguments, but the two most important are pwhash_str_pair and operations_limit. pwhash_str_pair is the hashed string to check, and operations_limit is the maximum number of CPU cycles that can be used to compute the key.

Another popular libsodium function is crypto_auth(), which authenticates messages with secret keys. This is similar to HMAC, but it is more useful for applications that require the sender to be authenticated, rather than just the receiver. This is why it is useful for things like digital signatures, as well as password hashing.

In addition to authentication, libsodium provides encryption functions as well. These include crypto_box(), which implements authenticated asymmetric (public-key) encryption, and crypto_box_seal(), which seals a message in such a way that only the recipient can decrypt it. For more information, see the libsodium documentation.

As of PHP 7.2, libsodium is included by default in the core, so you don’t need to install an extension to use it. Compared to scrypt, libsodium is easier to use and harder to misconfigure. If you’re not using it yet, give it a try! Learn to become a Full Stack Web Developer – Enroll in the MEAN Stack Master's Program.

Andreas Behr - CTO of DesertCoderz
You are a developer and looking for Shopware projects?
Apply Now!

sodium_crypto_pwhash_str_verify example

if (!str_starts_with($hashedPassword, '$argon')) {
            if (str_starts_with($hashedPassword, '$2') && (72 < \strlen($plainPassword) || str_contains($plainPassword, "\0"))) {
                $plainPassword = base64_encode(hash('sha512', $plainPassword, true));
            }

            // Accept validating non-argon passwords for seamless migrations             return password_verify($plainPassword$hashedPassword);
        }

        if (\function_exists('sodium_crypto_pwhash_str_verify')) {
            return sodium_crypto_pwhash_str_verify($hashedPassword$plainPassword);
        }

        if (\extension_loaded('libsodium')) {
            return \Sodium\crypto_pwhash_str_verify($hashedPassword$plainPassword);
        }

        return false;
    }

    public function needsRehash(string $hashedPassword): bool
    {
        
if (!str_starts_with($hashedPassword, '$argon')) {
            // Bcrypt cuts on NUL chars and after 72 bytes             if (str_starts_with($hashedPassword, '$2') && (72 < \strlen($plainPassword) || str_contains($plainPassword, "\0"))) {
                $plainPassword = base64_encode(hash('sha512', $plainPassword, true));
            }

            return password_verify($plainPassword$hashedPassword);
        }

        if (\extension_loaded('sodium') && version_compare(\SODIUM_LIBRARY_VERSION, '1.0.14', '>=')) {
            return sodium_crypto_pwhash_str_verify($hashedPassword$plainPassword);
        }

        if (\extension_loaded('libsodium') && version_compare(phpversion('libsodium'), '1.0.14', '>=')) {
            return \Sodium\crypto_pwhash_str_verify($hashedPassword$plainPassword);
        }

        return password_verify($plainPassword$hashedPassword);
    }

    public function needsRehash(string $hashedPassword): bool
    {
        

    public static function crypto_pwhash_str_verify($passwd$hash)
    {
        ParagonIE_Sodium_Core_Util::declareScalarType($passwd, 'string', 1);
        ParagonIE_Sodium_Core_Util::declareScalarType($hash, 'string', 2);

        if (self::useNewSodiumAPI()) {
            return (bool) sodium_crypto_pwhash_str_verify($passwd$hash);
        }
        if (self::use_fallback('crypto_pwhash_str_verify')) {
            return (bool) call_user_func('\\Sodium\\crypto_pwhash_str_verify', $passwd$hash);
        }
        // This is the best we can do.         throw new SodiumException(
            'This is not implemented, as it is not possible to implement Argon2i with acceptable performance in pure-PHP'
        );
    }

    /** * @param int $outlen * @param string $passwd * @param string $salt * @param int $opslimit * @param int $memlimit * @return string * @throws SodiumException * @throws TypeError */
Home | Imprint | This part of the site doesn't use cookies.