A PBKDF2-hashed password. More...
Public Member Functions | |
| crypt (string $password) | |
| Hash a password and store the result in this object. More... | |
 Public Member Functions inherited from ParameterizedPassword | |
| needsUpdate () | |
| Determine if the hash needs to be updated. More... | |
| toString () | |
| Convert this hash to a string that can be stored in the database. More... | |
| Public Member Functions inherited from Password | |
| __construct (PasswordFactory $factory, array $config, string $hash=null) | |
| Construct the Password object using a string hash. More... | |
| getType () | |
| Get the type name of the password. More... | |
| verify (string $password) | |
| Checks whether the given password matches the hash stored in this object. More... | |
Static Public Member Functions | |
| static | newInstance (PasswordFactory $factory, array $config, string $hash=null) |
| Create a new AbstractPbkdf2Password object. More... | |
Protected Member Functions | ||||||
| getDefaultParams () | ||||||
| Return an ordered array of default parameters for this password hash. More... | ||||||
| getDelimiter () | ||||||
| Returns the delimiter for the parameters inside the hash. More... | ||||||
| getDigestAlgo (string $algo) | ||||||
| Get the implementation specific name for a hash algorithm. More... | ||||||
| pbkdf2 (string $digestAlgo, string $password, string $salt, int $rounds, int $length) | ||||||
| Call the PBKDF2 implementation, which hashes the password. More... | ||||||
| Protected Member Functions inherited from ParameterizedPassword | ||||||
| parseHash (?string $hash) | ||||||
Perform any parsing necessary on the hash to see if the hash is valid and/or to perform logic for seeing if the hash needs updating.
| ||||||
| Protected Member Functions inherited from Password | ||||||
| assertIsSafeSize (string $hash) | ||||||
| Assert that hash will fit in a tinyblob field. More... | ||||||
| isSupported () | ||||||
| Whether current password type is supported on this system. More... | ||||||
Static Protected Member Functions | |
| static | canUseOpenSSL () |
| Check if OpenSSL can be used for computing PBKDF2 password hashes. More... | |
Additional Inherited Members | |
| Protected Attributes inherited from ParameterizedPassword | |
| string[] | $args = [] |
| Extra arguments that were found in the hash. More... | |
| array | $params = [] |
| Named parameters that have default values for this password type. More... | |
| Protected Attributes inherited from Password | |
| array | $config |
| Array of configuration variables injected from the constructor. More... | |
| PasswordFactory | $factory |
| Factory that created the object. More... | |
| string null | $hash |
| String representation of the hash without the type. More... | |
Detailed Description
A PBKDF2-hashed password.
This is a computationally complex password hash for use in modern applications. The number of rounds can be configured by $wgPasswordConfig['pbkdf2']['cost'].
To support different native implementations of PBKDF2 and the underlying hash algorithms, the following subclasses are available:
- Pbkdf2PasswordUsingOpenSSL is the preferred, more efficient option and is used by default when possible.
- Pbkdf2PasswordUsingHashExtension provides compatibility with PBKDF2 password hashes computed using legacy algorithms, as well as PHP installations lacking OpenSSL support.
- Since
- 1.40
Definition at line 42 of file AbstractPbkdf2Password.php.
Member Function Documentation
◆ canUseOpenSSL()
|
staticprotected |
Check if OpenSSL can be used for computing PBKDF2 password hashes.
- Returns
- bool
Definition at line 77 of file AbstractPbkdf2Password.php.
◆ crypt()
| AbstractPbkdf2Password::crypt | ( | string | $password | ) |
Hash a password and store the result in this object.
The result of the password hash should be put into the internal state of the hash object.
- Parameters
-
string $password Password to hash
- Exceptions
-
PasswordError If an internal error occurs in hashing
Reimplemented from Password.
Definition at line 97 of file AbstractPbkdf2Password.php.
◆ getDefaultParams()
|
protected |
Return an ordered array of default parameters for this password hash.
The keys should be the parameter names and the values should be the default values. Additionally, the order of the array should be the order in which they appear in the hash.
When parsing a password hash, the constructor will split the hash based on the delimiter, and consume as many parts as it can, matching each to a parameter in this list. Once all the parameters have been filled, all remaining parts will be considered extra arguments, except, of course, for the very last part, which is the hash itself.
- Returns
- array
Reimplemented from ParameterizedPassword.
Definition at line 85 of file AbstractPbkdf2Password.php.
◆ getDelimiter()
|
protected |
Returns the delimiter for the parameters inside the hash.
- Returns
- string
Reimplemented from ParameterizedPassword.
Definition at line 93 of file AbstractPbkdf2Password.php.
◆ getDigestAlgo()
|
abstractprotected |
Get the implementation specific name for a hash algorithm.
- Parameters
-
string $algo Algorithm specified in the password hash string
- Returns
- string|null $algo Implementation specific name, or null if unsupported
Reimplemented in Pbkdf2PasswordUsingOpenSSL, and Pbkdf2PasswordUsingHashExtension.
◆ newInstance()
|
static |
Create a new AbstractPbkdf2Password object.
In the default configuration, this is used as a factory function in order to select a PBKDF2 implementation automatically.
- Access: internal
- See also
- Password::__construct
- Parameters
-
PasswordFactory $factory Factory object that created the password array $config Array of engine configuration options for hashing string | null $hash The raw hash, including the type
- Returns
- AbstractPbkdf2Password The created object
- Exceptions
-
Exception If $config does not contain required parameters
Definition at line 57 of file AbstractPbkdf2Password.php.
References Password\$config, Password\$factory, and Password\$hash.
◆ pbkdf2()
|
abstractprotected |
Call the PBKDF2 implementation, which hashes the password.
- Parameters
-
string $digestAlgo Implementation specific hash algorithm name string $password Password to hash string $salt Salt as a binary string int $rounds Number of iterations int $length Length of the hash value in bytes
- Returns
- string Hash value as a binary string
- Exceptions
-
PasswordError If an internal error occurs in hashing
Reimplemented in Pbkdf2PasswordUsingOpenSSL, and Pbkdf2PasswordUsingHashExtension.
The documentation for this class was generated from the following file:
- includes/password/AbstractPbkdf2Password.php
