rfc:hash_pbkdf2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
rfc:hash_pbkdf2 [2012/06/29 17:13] – Reworded to target master only, removing 5.4 section ircmaxellrfc:hash_pbkdf2 [2012/07/10 16:04] – Change to Implemented Status ircmaxell
Line 1: Line 1:
 ====== Request for Comments: Adding hash_pbkdf2 Function ====== ====== Request for Comments: Adding hash_pbkdf2 Function ======
-  * Version: 0.4+  * Version: 1.0
   * Date: 2012-06-13   * Date: 2012-06-13
   * Author: Anthony Ferrara <ircmaxell@php.net>   * Author: Anthony Ferrara <ircmaxell@php.net>
-  * Status: Proposed+  * Status: Implemented
   * First Published at: http://wiki.php.net/rfc/hash_pbkdf2   * First Published at: http://wiki.php.net/rfc/hash_pbkdf2
  
Line 57: Line 57:
  
 This parameter behaves just like the other *hash_* functions. If set to *true*, the function will return a binary string (chr 0-255). If set to *false*, the function will hex encode the result prior to returning it. This parameter behaves just like the other *hash_* functions. If set to *true*, the function will return a binary string (chr 0-255). If set to *false*, the function will hex encode the result prior to returning it.
 +
 +===== Example =====
 +
 +Let's say you wanted to encrypt a file using a password. The password shouldn't be applied directly to the encryption function, but should be derived first.
 +
 +<file php encryption.php>
 +<?php
 +$password = "foo";
 +$data = "testing this out";
 +$salt = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
 +$key = hash_pbkdf2("sha512", $password, $salt, 5000, 16, true);
 +// $key will be full-byte 0-255 data
 +
 +$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM);
 +
 +$ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv);
 +?>
 +</file>
 +
 +Or for storing passwords (BCrypt is recommended, but there are use-cases for PBKDF2, such as when NIST compliance is mandated):
 +<file php password.php>
 +<?php
 +$password = "foo";
 +$salt = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
 +$hash = hash_pbkdf2("sha512", $password, $salt, 5000, 32);
 +
 +// $hash will be a hex encoded string
 +?>
 +</file>
 +
  
 ===== Proposal and Patch ===== ===== Proposal and Patch =====
Line 67: Line 97:
  
 This RFC intends to add this functionality to master (5.5) only. This RFC intends to add this functionality to master (5.5) only.
 +
 +===== Vote =====
 +
 +Vote begins on 2012/07/02 and ends on 2012/07/09.  This vote is to include the new function in master only (5.5).
 +
 +<doodle 
 +title="rfc/hash_pbkdf2" auth="user" voteType="multi" closed="True">
 +   * Yes?
 +   * No?
 +</doodle>
  
 ===== More about PBKDF2 ===== ===== More about PBKDF2 =====
Line 80: Line 120:
   * 0.3 - Added Parameter Information   * 0.3 - Added Parameter Information
   * 0.4 - Reworded to target master only, removing 5.4 section   * 0.4 - Reworded to target master only, removing 5.4 section
 +  * 1.0 - Moving to Accepted state
rfc/hash_pbkdf2.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1

Page Tools