Wikimedia SlimApp
Common classes to help with creating an application using the Slim micro framework and Twig template engine.
Wikimedia\Slimapp\Auth\Password Class Reference

Password management utility.

Static Public Member Functions

static comparePasswordToHash ( $plainText, $hash)
 Compare a plain text string to a stored password hash.
 
static encodePassword ( $plainText)
 Encode a password for database storage.
 
static blowfishSalt ( $cost=8)
 Generate a blowfish salt specification.
 
static getBytes ( $count, $allowWeak=false)
 Get N high entropy random bytes.
 
static isBlowfishHash ( $hash)
 Check a salt specification to see if it is a blowfish crypt value.
 
static randomPassword ( $len, $cs=null)
 Generate a random password.
 
static hashEquals ( $known, $input)
 Check whether a user-provided string is equal to a fixed-length secret string without revealing bytes of the secret string through timing differences.
 

Detailed Description

Password management utility.

Author
Bryan Davis bd808@wikimedia.org

Member Function Documentation

◆ blowfishSalt()

static Wikimedia\Slimapp\Auth\Password::blowfishSalt ( $cost = 8 )

Generate a blowfish salt specification.

Parameters
int $cost Cost factor
Returns
string Blowfish salt

◆ comparePasswordToHash()

static Wikimedia\Slimapp\Auth\Password::comparePasswordToHash ( $plainText, $hash )

Compare a plain text string to a stored password hash.

Parameters
string $plainText Password to check
string $hash Stored hash to compare with
Returns
bool True if plain text matches hash, false otherwise

◆ encodePassword()

static Wikimedia\Slimapp\Auth\Password::encodePassword ( $plainText )

Encode a password for database storage.

Do not use the direct output of this function for comparison with stored values. Modern password hashes use unique salts per encoding and will not be directly comparable. Use the comparePasswordToHash() function for validation instead.

Parameters
string $plainText Password in plain text
Returns
string Encoded password

◆ getBytes()

static Wikimedia\Slimapp\Auth\Password::getBytes ( $count, $allowWeak = false )

Get N high entropy random bytes.

Parameters
int $count Number of bytes to generate
bool $allowWeak Allow weak entropy sources
Returns
string String of random bytes
Exceptions
InvalidArgumentException if $allowWeak is false and no high entropy sources of random data can be found

◆ hashEquals()

static Wikimedia\Slimapp\Auth\Password::hashEquals ( $known, $input )

Check whether a user-provided string is equal to a fixed-length secret string without revealing bytes of the secret string through timing differences.

For PHP deployments that do not natively provide hash_equals(), the implementation is taken from MediaWiki's hash_equals() polyfill function.

Parameters
string $known Fixed-length secret string to compare against
string $input User-provided string
Returns
bool True if the strings are the same, false otherwise

◆ isBlowfishHash()

static Wikimedia\Slimapp\Auth\Password::isBlowfishHash ( $hash )

Check a salt specification to see if it is a blowfish crypt value.

Parameters
string $hash Hash to check
Returns
bool True if blowfish, false otherwise.

◆ randomPassword()

static Wikimedia\Slimapp\Auth\Password::randomPassword ( $len, $cs = null )

Generate a random password.

Note: This is not the world's greatest password generation algorithm. It uses a selection technique that has some bias based on modulo arithmetic. If you need a truly random password, you'll need to look somewhere else. If you just need a temporary password to email to a user who will promptly log in and change their password to 'god', this should be good enough.

Parameters
int $len Length of password desired
string $cs Symbol set to select password characters from
Returns
string Password
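
The modulo bias mentioned in the randomPassword() note, as an added PHP example that is not SlimApp's own code. It assumes the biased technique is "one random byte modulo symbol-set length" (the page does not show the implementation) and contrasts it with PHP 7's random_int(), which draws uniformly; the function names and the 62-symbol set are hypothetical.

```php
<?php
// Added example, not SlimApp code. Assumption: the biased selection is
// "one random byte modulo symbol-set length"; the page does not show the implementation.
// All function names here are hypothetical.

/** Count how many of the 256 byte values map to each symbol index under $b % $n. */
function moduloBiasCounts(int $n): array
{
    if ($n < 1 || $n > 256) {
        throw new InvalidArgumentException('symbol set must hold 1..256 symbols');
    }
    $counts = array_fill(0, $n, 0);
    for ($b = 0; $b < 256; $b++) {
        $counts[$b % $n]++;
    }
    return $counts;
}

/** Biased: each character is a CSPRNG byte reduced modulo the symbol-set size. */
function biasedPassword(int $len, string $cs): string
{
    $n = strlen($cs);
    $out = '';
    foreach (str_split(random_bytes($len)) as $byte) {
        $out .= $cs[ord($byte) % $n];
    }
    return $out;
}

/** Unbiased: random_int() returns a uniformly distributed index from the CSPRNG. */
function uniformPassword(int $len, string $cs): string
{
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= $cs[random_int(0, strlen($cs) - 1)];
    }
    return $out;
}

// Constructed 62-symbol set: 256 = 4 * 62 + 8, so the first 8 symbols are
// selected by 5 byte values each and the remaining 54 by only 4.
$cs = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
$counts = moduloBiasCounts(strlen($cs));
printf("most likely symbol: %d/256, least likely: %d/256\n", max($counts), min($counts));
printf("over-represented symbols: %s\n", substr($cs, 0, 256 % strlen($cs)));
printf("biased:  %s\nuniform: %s\n", biasedPassword(16, $cs), uniformPassword(16, $cs));
```

The bias disappears only when the symbol-set size divides 256 evenly; for any other size, the symbols at the start of the set are favoured.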

The documentation for this class was generated from the following file: