Pbkdf2PasswordEncoder
extends BasePasswordEncoder
in package
Pbkdf2PasswordEncoder uses PBKDF2 (Password-Based Key Derivation Function 2).
PBKDF2 provides a high level of cryptographic security and is recommended by the National Institute of Standards and Technology (NIST).
It also warrants a warning: using PBKDF2 with a high number of iterations slows down the process, so PBKDF2 should be used with caution and care.
Table of Contents
- MAX_PASSWORD_LENGTH = 4096
- $algorithm : mixed
- $encodedLength : mixed
- $encodeHashAsBase64 : mixed
- $iterations : mixed
- $length : mixed
- __construct() : mixed
- encodePassword() : mixed
- {@inheritdoc}
- isPasswordValid() : mixed
- {@inheritdoc}
- needsRehash() : bool
- {@inheritdoc}
- comparePasswords() : bool
- Compares two passwords.
- demergePasswordAndSalt() : array<string|int, mixed>
- Demerges a merged password and salt string.
- isPasswordTooLong() : bool
- Checks if the password is too long.
- mergePasswordAndSalt() : string
- Merges a password and a salt.
Constants
MAX_PASSWORD_LENGTH
public mixed MAX_PASSWORD_LENGTH = 4096
Properties
$algorithm
private mixed $algorithm
$encodedLength
private mixed $encodedLength = -1
$encodeHashAsBase64
private mixed $encodeHashAsBase64
$iterations
private mixed $iterations = 1
$length
private mixed $length
Methods
__construct()
public __construct([string $algorithm = 'sha512' ][, bool $encodeHashAsBase64 = true ][, int $iterations = 1000 ][, int $length = 40 ]) : mixed
Parameters
- $algorithm : string = 'sha512'
  The digest algorithm to use
- $encodeHashAsBase64 : bool = true
  Whether to base64 encode the password hash
- $iterations : int = 1000
  The number of iterations to use to stretch the password hash
- $length : int = 40
  Length of derived key to create
Return values
mixed
encodePassword()
{@inheritdoc}
public encodePassword(mixed $raw, mixed $salt) : mixed
Parameters
- $raw : mixed
- $salt : mixed
Return values
mixed
isPasswordValid()
{@inheritdoc}
public isPasswordValid(mixed $encoded, mixed $raw, mixed $salt) : mixed
Parameters
- $encoded : mixed
- $raw : mixed
- $salt : mixed
Return values
mixed
needsRehash()
{@inheritdoc}
public needsRehash(string $encoded) : bool
Parameters
- $encoded : string
Return values
bool
comparePasswords()
Compares two passwords.
protected comparePasswords(string $password1, string $password2) : bool
This method implements a constant-time algorithm to compare passwords to avoid (remote) timing attacks.
Parameters
- $password1 : string
  The first password
- $password2 : string
  The second password
Return values
bool — true if the two passwords are the same, false otherwise
demergePasswordAndSalt()
Demerges a merged password and salt string.
protected demergePasswordAndSalt(string $mergedPasswordSalt) : array<string|int, mixed>
Parameters
- $mergedPasswordSalt : string
  The merged password and salt string
Return values
array<string|int, mixed> — An array where the first element is the password and the second the salt
isPasswordTooLong()
Checks if the password is too long.
protected isPasswordTooLong(string $password) : bool
Parameters
- $password : string
  The password to check
Return values
bool — true if the password is too long, false otherwise
mergePasswordAndSalt()
Merges a password and a salt.
protected mergePasswordAndSalt(string $password, string|null $salt) : string
Parameters
- $password : string
  The password to be used
- $salt : string|null
  The salt to be used
Return values
string — a merged password and salt
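The constructor parameters, the MAX_PASSWORD_LENGTH check and the constant-time comparison documented above, put together with PHP's built-in hash_pbkdf2() and hash_equals(). This is an added example, not the source of the class documented on this page; the function names pbkdf2Encode and pbkdf2Verify, the salt, the sample passwords and the second iteration count are assumptions made for illustration. The closing loop shows the slowdown that the class description warns about.

```php
<?php
declare(strict_types=1);

// Added illustration, not the documented class's source. Function names are hypothetical.
const MAX_PASSWORD_LENGTH = 4096; // same limit as the constant documented on this page

function pbkdf2Encode(string $raw, string $salt, string $algo = 'sha512',
                      int $iterations = 1000, int $length = 40, bool $base64 = true): string
{
    if (strlen($raw) > MAX_PASSWORD_LENGTH) {
        // Bound the work a caller can force with one oversized input.
        throw new InvalidArgumentException('Password too long.');
    }
    if (!in_array($algo, hash_hmac_algos(), true)) {
        throw new LogicException("Digest \"$algo\" cannot be used with HMAC.");
    }
    // Raw binary output: $length bytes of derived key.
    $digest = hash_pbkdf2($algo, $raw, $salt, $iterations, $length, true);

    return $base64 ? base64_encode($digest) : bin2hex($digest);
}

function pbkdf2Verify(string $encoded, string $raw, string $salt, int $iterations = 1000): bool
{
    if (strlen($raw) > MAX_PASSWORD_LENGTH) {
        return false; // never derive a key from an oversized candidate
    }
    // hash_equals() takes the same time wherever the two strings differ.
    return hash_equals($encoded, pbkdf2Encode($raw, $salt, 'sha512', $iterations));
}

// Constructed sample data: a random per-user salt and a made-up password.
$salt   = bin2hex(random_bytes(16));
$stored = pbkdf2Encode('correct horse battery staple', $salt);

var_dump(strlen($stored));                                               // encoded length
var_dump(pbkdf2Verify($stored, 'correct horse battery staple', $salt)); // the right password
var_dump(pbkdf2Verify($stored, 'wrong guess', $salt));                   // a wrong password
var_dump(pbkdf2Verify($stored, str_repeat('a', 4097), $salt));           // over the length limit

// Cost of stretching: time one derivation at two iteration counts (constructed values).
foreach ([1000, 100000] as $n) {
    $start = microtime(true);
    pbkdf2Encode('benchmark', $salt, 'sha512', $n);
    printf("%6d iterations: %.1f ms\n", $n, (microtime(true) - $start) * 1000);
}
```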