rfc:hash_pbkdf2

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
rfc:hash_pbkdf2 [2012/06/29 17:13] – Reworded to target master only, removing 5.4 section ircmaxellrfc:hash_pbkdf2 [2017/09/22 13:28] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== Request for Comments: Adding hash_pbkdf2 Function ====== ====== Request for Comments: Adding hash_pbkdf2 Function ======
-  * Version: 0.4+  * Version: 1.0
   * Date: 2012-06-13   * Date: 2012-06-13
   * Author: Anthony Ferrara <ircmaxell@php.net>   * Author: Anthony Ferrara <ircmaxell@php.net>
-  * Status: Proposed+  * Status: Implemented
   * First Published at: http://wiki.php.net/rfc/hash_pbkdf2   * First Published at: http://wiki.php.net/rfc/hash_pbkdf2
  
Line 57: Line 57:
  
 This parameter behaves just like the other *hash_* functions. If set to *true*, the function will return a binary string (chr 0-255). If set to *false*, the function will hex encode the result prior to returning it. This parameter behaves just like the other *hash_* functions. If set to *true*, the function will return a binary string (chr 0-255). If set to *false*, the function will hex encode the result prior to returning it.
 +
 +===== Example =====
 +
 +Let's say you wanted to encrypt a file using a password. The password shouldn't be applied directly to the encryption function, but should be derived first.
 +
 +<file php encryption.php>
 +<?php
 +$password = "foo";
 +$data = "testing this out";
 +$salt = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
 +$key = hash_pbkdf2("sha512", $password, $salt, 5000, 16, true);
 +// $key will be full-byte 0-255 data
 +
 +$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_DEV_URANDOM);
 +
 +$ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv);
 +?>
 +</file>
 +
 +Or for storing passwords (BCrypt is recommended, but there are use-cases for PBKDF2, such as when NIST compliance is mandated):
 +<file php password.php>
 +<?php
 +$password = "foo";
 +$salt = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
 +$hash = hash_pbkdf2("sha512", $password, $salt, 5000, 32);
 +
 +// $hash will be a hex encoded string
 +?>
 +</file>
 +
  
 ===== Proposal and Patch ===== ===== Proposal and Patch =====
Line 67: Line 97:
  
 This RFC intends to add this functionality to master (5.5) only. This RFC intends to add this functionality to master (5.5) only.
 +
 +===== Vote =====
 +
 +Vote begins on 2012/07/02 and ends on 2012/07/09.  This vote is to include the new function in master only (5.5).
 +
 +<doodle 
 +title="rfc/hash_pbkdf2" auth="user" voteType="multi" closed="True">
 +   * Yes?
 +   * No?
 +</doodle>
  
 ===== More about PBKDF2 ===== ===== More about PBKDF2 =====
Line 80: Line 120:
   * 0.3 - Added Parameter Information   * 0.3 - Added Parameter Information
   * 0.4 - Reworded to target master only, removing 5.4 section   * 0.4 - Reworded to target master only, removing 5.4 section
 +  * 1.0 - Moving to Accepted state
rfc/hash_pbkdf2.1340990010.txt.gz · Last modified: 2017/09/22 13:28 (external edit)