Example code for How to Safely Store a Password in 2016.
diff --git a/original.txt b/translated.txt | |
index 3ad4249..9cf4d1f 100755 | |
--- a/original.txt | |
+++ b/translated.txt | |
@@ -1,151 +1,151 @@ | |
import random | |
tests = [ | |
- 'example', | |
- 'gcddegree', |
<?php
define('BENCH_ROUNDS', 200);
$start = $stop = 0.0;
$short = str_repeat("A", 16);
$long = str_repeat("A", 1 << 20);
$start = microtime(true);
for ($i = 0; $i < BENCH_ROUNDS; ++$i) {
    sodium_crypto_pwhash_str($short, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
<?php
function hashPbkdf2($algorithm, $password, $salt, $iterations, $length = 0)
{
    // Number of blocks needed to create the derived key
    $blocks = ceil($length / strlen(hash($algorithm, null, true)));
    $digest = '';
    $length = strlen(hash($algorithm, '', true));
    if (strlen($password) > $length) {
        $password = hash($algorithm, $password, true);
    }
<?php
define('BENCH_ROUNDS', 200);
$start = $stop = 0.0;
$salt = random_bytes(32);
$short = str_repeat("A", 16);
$medium = str_repeat("A", 65);
$long = str_repeat("A", 1 << 20);
$start = microtime(true);
<?php
define('BENCH_ROUNDS', 100);
$start = $stop = 0.0;
$short = str_repeat("A", 16);
$long = str_repeat("A", 65535);
$start = microtime(true);
for ($i = 0; $i < BENCH_ROUNDS; ++$i) {
    sodium_crypto_pwhash_str($short, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
scott@paragonie-test:~/dotnet$ php program.php
Time: 11.9136 seconds.
Doesn't build on Windows:
C:\Users\Scott\.nuget\packages\peachpie.net.sdk\0.9.0-ci00687\build\Peachpie.NET.Core.Sdk.targets(148,5): error MSB3073: The command "dotnet compile-php @obj\Debug\netcoreapp2.0\compile-php-args.rsp" exited with code -532462766. [D:\dotnet\dotnet.msbuildproj]
<?php
namespace ChronicleClient;
use GuzzleHttp\Client;
use ParagonIE\Chronicle\Chronicle;
use ParagonIE\ConstantTime\Base64UrlSafe;
use ParagonIE\Sapient\Adapter\Guzzle;
use ParagonIE\Sapient\CryptographyKeys\{
    SigningPublicKey,
    SigningSecretKey
Let's say you have a file like this:
<?php
declare(strict_types=1);
class Foo
{
protected $x;
public function __construct(array $x = [])
As far as I know, none of the existing post-quantum cryptography candidates offer a viable replacement for libsodium's crypto_box_seal() functionality. That is: Anonymous public-key encryption.
An example for where this would be useful is encrypting credit card numbers in a database, but only being able to decrypt them with a key that is kept offline.
An attractive solution would be to use SIDH in place of ECDH, building a similar protocol (i.e. ECDH with one ephemeral keypair and one static keypair, then an authenticated cipher). However, as noted in this paper by Galbraith, et al., an active attack against SIDH with static keys is possible.