@michalczukm
Last active August 29, 2015 14:00
Fragment of code from [https://crackstation.net/hashing-security.htm#aspsourcecode]. Compared with the original methods: I removed the hash algorithm from the hash string.
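// Fragment: methods of a class that also defines pbkdf2() and slow_equals().
function create_hash($password)
{
    // format: iterations:salt:hash (the algorithm field has been removed)
    // Note: mcrypt_create_iv() was removed in PHP 7.2; random_bytes() replaces it there.
    $salt = mcrypt_create_iv(PBKDF2_SALT_BYTE_SIZE, MCRYPT_DEV_URANDOM);
    $encoded_salt = base64_encode($salt);
    return PBKDF2_ITERATIONS . ":" . $encoded_salt . ":" .
        base64_encode($this->pbkdf2(
            PBKDF2_HASH_ALGORITHM,
            $password,
            $salt,
            PBKDF2_ITERATIONS,
            PBKDF2_HASH_BYTE_SIZE,
            true
        ));
}

function validate_password($password, $correct_hash)
{
    // HASH_SECTIONS and the HASH_*_INDEX constants are not shown in this fragment;
    // they have to match the three-field string produced by create_hash().
    $params = explode(":", $correct_hash);
    if (count($params) < HASH_SECTIONS)
        return false;
    $pbkdf2 = base64_decode($params[HASH_PBKDF2_INDEX]);
    $salt = base64_decode($params[HASH_SALT_INDEX]);
    // Recompute with the stored salt and iteration count, then compare in constant time.
    return $this->slow_equals(
        $pbkdf2,
        $this->pbkdf2(
            PBKDF2_HASH_ALGORITHM,
            $password,
            $salt,
            (int)$params[HASH_ITERATION_INDEX],
            strlen($pbkdf2),
            true
        )
    );
}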
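
The three-field `iterations:salt:hash` format above, as an added example that is not part of the gist or the CrackStation source: it uses PHP's built-in `random_bytes()`, `hash_pbkdf2()` and `hash_equals()` (PHP 7+) in place of the class's own `pbkdf2()` and `slow_equals()`, and parses the stored string strictly. All constant names, function names and values here are assumptions; because the string no longer names the algorithm, the algorithm is pinned in code.

```php
<?php
// Added example. Names and values below are assumptions, not taken from the gist.
const KDF_ALGO           = 'sha256';  // pinned here: the stored string does not carry it
const KDF_ITERATIONS     = 100000;    // assumed work factor; tune for your hardware
const KDF_MAX_ITERATIONS = 5000000;   // cap so a tampered record cannot stall the server
const KDF_SALT_BYTES     = 24;
const KDF_HASH_BYTES     = 32;

// Returns "iterations:base64(salt):base64(derived key)".
function make_record(string $password): string
{
    $salt = random_bytes(KDF_SALT_BYTES);
    $dk = hash_pbkdf2(KDF_ALGO, $password, $salt, KDF_ITERATIONS, KDF_HASH_BYTES, true);
    return KDF_ITERATIONS . ':' . base64_encode($salt) . ':' . base64_encode($dk);
}

function check_record(string $password, string $record): bool
{
    $parts = explode(':', $record);
    // Exactly three fields: an older four-field (algorithm-prefixed) record is
    // rejected outright instead of having its fields read at the wrong indices.
    if (count($parts) !== 3) {
        return false;
    }
    [$iter, $salt64, $dk64] = $parts;
    if (!ctype_digit($iter) || (int)$iter < 1 || (int)$iter > KDF_MAX_ITERATIONS) {
        return false;
    }
    // Strict mode makes base64_decode() return false on malformed input.
    $salt = base64_decode($salt64, true);
    $dk = base64_decode($dk64, true);
    if ($salt === false || $salt === '' || $dk === false || strlen($dk) !== KDF_HASH_BYTES) {
        return false;
    }
    // The iteration count comes from the record, so raising KDF_ITERATIONS later
    // does not invalidate stored hashes. Changing KDF_ALGO would.
    $calc = hash_pbkdf2(KDF_ALGO, $password, $salt, (int)$iter, KDF_HASH_BYTES, true);
    return hash_equals($dk, $calc); // constant-time comparison
}

// Constructed sample inputs.
$record = make_record('correct horse battery staple');
var_dump(check_record('correct horse battery staple', $record));
var_dump(check_record('wrong password', $record));
var_dump(check_record('anything', 'sha256:1000:c2FsdA==:aGFzaA==')); // four-field record
```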