rfc:hash_pbkdf2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revisionBoth sides next revision
rfc:hash_pbkdf2 [2012/07/02 16:32] – Open voting for hash_pbkdf2 ircmaxellrfc:hash_pbkdf2 [2012/07/02 16:49] – Add 2 examples ircmaxell
Line 57: Line 57:
  
 This parameter behaves just like the other *hash_* functions. If set to *true*, the function will return a binary string (chr 0-255). If set to *false*, the function will hex encode the result prior to returning it. This parameter behaves just like the other *hash_* functions. If set to *true*, the function will return a binary string (chr 0-255). If set to *false*, the function will hex encode the result prior to returning it.
 +
 +===== Example =====
 +
 +Let's say you wanted to encrypt a file using a password. The password shouldn't be applied directly to the encryption function, but should be derived first.
 +
 +<file php encryption.php>
 +<?php
 +$password = "foo";
 +$data = "testing this out";
 +$salt = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
 +$key = hash_pbkdf2("sha512", $password, $salt, 5000, 16, true);
 +// $key will be full-byte 0-255 data
 +
 +$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM);
 +
 +$ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv);
 +?>
 +</file>
 +
 +Or for storing passwords (BCrypt is recommended, but there are use-cases for PBKDF2, such as when NIST compliance is mandated):
 +<file php password.php>
 +<?php
 +$password = "foo";
 +$salt = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
 +$hash = hash_pbkdf2("sha512", $password, $salt, 5000, 32);
 +
 +// $hash will be a hex encoded string
 +?>
 +</file>
 +
  
 ===== Proposal and Patch ===== ===== Proposal and Patch =====
rfc/hash_pbkdf2.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1

Page Tools