Example code for How to Safely Store a Password in 2016.
Scott paragonie-scott
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/original.txt b/translated.txt | |
| index 3ad4249..9cf4d1f 100755 | |
| --- a/original.txt | |
| +++ b/translated.txt | |
| @@ -1,151 +1,151 @@ | |
| import random | |
| tests = [ | |
| - 'example', | |
| - 'gcddegree', |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| define('BENCH_ROUNDS', 200); | |
| $start = $stop = 0.0; | |
| $short = str_repeat("A", 16); | |
| $long = str_repeat("A", 1 << 20); | |
| $start = microtime(true); | |
| for ($i = 0; $i < BENCH_ROUNDS; ++$i) { | |
| sodium_crypto_pwhash_str($short, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE); |
paragonie-scott
/ pbkdf2-symfony-polyfill.php
Created
October 11, 2018 18:02
— forked from spaze/pbkdf2-symfony-polyfill.php
Symfony's PBKDF2 polyfill benchmark (TL;DR it's slow) for the thread here https://twitter.com/spazef0rze/status/1050436425559302147
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| function hashPbkdf2($algorithm, $password, $salt, $iterations, $length = 0) | |
| { | |
| // Number of blocks needed to create the derived key | |
| $blocks = ceil($length / strlen(hash($algorithm, null, true))); | |
| $digest = ''; | |
| $length = strlen(hash($algorithm, '', true)); | |
| if (strlen($password) > $length) { | |
| $password = hash($algorithm, $password, true); | |
| } |
paragonie-scott
/ pbkdf2bench.php
Created
October 11, 2018 16:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| define('BENCH_ROUNDS', 200); | |
| $start = $stop = 0.0; | |
| $salt = random_bytes(32); | |
| $short = str_repeat("A", 16); | |
| $medium = str_repeat("A", 65); | |
| $long = str_repeat("A", 1 << 20); | |
| $start = microtime(true); |
paragonie-scott
/ argon2id-bench.php
Last active
October 11, 2018 16:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| define('BENCH_ROUNDS', 100); | |
| $start = $stop = 0.0; | |
| $short = str_repeat("A", 16); | |
| $long = str_repeat("A", 65535); | |
| $start = microtime(true); | |
| for ($i = 0; $i < BENCH_ROUNDS; ++$i) { | |
| sodium_crypto_pwhash_str($short, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE); |
paragonie-scott
/ README.md
Last active
January 24, 2018 14:37
Peachpie Sodium_compat test/benchmarking scripts
scott@paragonie-test:~/dotnet$ php program.php
Time: 11.9136 seconds.
Doesn't build on Windows:
C:\Users\Scott\.nuget\packages\peachpie.net.sdk\0.9.0-ci00687\build\Peachpie.NET.Core.Sdk.targets(148,5): error MSB3073: The command "dotnet compile-php @obj\Debug\netcoreapp2.0\compile-php-args.rsp" exited with code -532462766. [D:\dotnet\dotnet.msbuildproj]
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| namespace ChronicleClient; | |
| use GuzzleHttp\Client; | |
| use ParagonIE\Chronicle\Chronicle; | |
| use ParagonIE\ConstantTime\Base64UrlSafe; | |
| use ParagonIE\Sapient\Adapter\Guzzle; | |
| use ParagonIE\Sapient\CryptographyKeys\{ | |
| SigningPublicKey, | |
| SigningSecretKey |
Let's say you have a file like this:
<?php
declare(strict_types=1);
class Foo
{
protected $x;
public function __construct(array $x = [])
paragonie-scott
/ sidh-seal.md
Last active
August 2, 2017 17:49
As far as I know, none of the existing post-quantum cryptography candidates offer a viable replacement
for libsodium's crypto_box_seal() functionality. That is: Anonymous public-key encryption.
An example for where this would be useful is encrypting credit card numbers in a database, but only being able to decrypt them with a key that is kept offline.
An attractive solution would be to use SIDH in place of ECDH, building a similar protocol (i.e. ECDH with one ephemeral keypair and one static keypair, then an authenticated cipher). However, as noted in this paper by Galbraith, et al., an active attack against SIDH with static keys is possible.