rfc:hash_pbkdf2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
rfc:hash_pbkdf2 [2012/07/02 16:32] – Open voting for hash_pbkdf2 ircmaxellrfc:hash_pbkdf2 [2012/07/10 16:04] – Change to Implemented Status ircmaxell
Line 1: Line 1:
 ====== Request for Comments: Adding hash_pbkdf2 Function ====== ====== Request for Comments: Adding hash_pbkdf2 Function ======
-  * Version: 0.4+  * Version: 1.0
   * Date: 2012-06-13   * Date: 2012-06-13
   * Author: Anthony Ferrara <ircmaxell@php.net>   * Author: Anthony Ferrara <ircmaxell@php.net>
-  * Status: Voting+  * Status: Implemented
   * First Published at: http://wiki.php.net/rfc/hash_pbkdf2   * First Published at: http://wiki.php.net/rfc/hash_pbkdf2
  
Line 57: Line 57:
  
 This parameter behaves just like the other *hash_* functions. If set to *true*, the function will return a binary string (chr 0-255). If set to *false*, the function will hex encode the result prior to returning it. This parameter behaves just like the other *hash_* functions. If set to *true*, the function will return a binary string (chr 0-255). If set to *false*, the function will hex encode the result prior to returning it.
 +
 +===== Example =====
 +
 +Let's say you wanted to encrypt a file using a password. The password shouldn't be applied directly to the encryption function, but should be derived first.
 +
 +<file php encryption.php>
 +<?php
 +$password = "foo";
 +$data = "testing this out";
 +$salt = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
 +$key = hash_pbkdf2("sha512", $password, $salt, 5000, 16, true);
 +// $key will be full-byte 0-255 data
 +
 +$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM);
 +
 +$ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv);
 +?>
 +</file>
 +
 +Or for storing passwords (BCrypt is recommended, but there are use-cases for PBKDF2, such as when NIST compliance is mandated):
 +<file php password.php>
 +<?php
 +$password = "foo";
 +$salt = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
 +$hash = hash_pbkdf2("sha512", $password, $salt, 5000, 32);
 +
 +// $hash will be a hex encoded string
 +?>
 +</file>
 +
  
 ===== Proposal and Patch ===== ===== Proposal and Patch =====
Line 73: Line 103:
  
 <doodle  <doodle 
-title="rfc/hash_pbkdf2" auth="user" voteType="multi">+title="rfc/hash_pbkdf2" auth="user" voteType="multi" closed="True">
    * Yes?    * Yes?
    * No?    * No?
Line 90: Line 120:
   * 0.3 - Added Parameter Information   * 0.3 - Added Parameter Information
   * 0.4 - Reworded to target master only, removing 5.4 section   * 0.4 - Reworded to target master only, removing 5.4 section
 +  * 1.0 - Moving to Accepted state
rfc/hash_pbkdf2.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1

Page Tools