<?php
/**
* This file contains wrapper and helper classes for the scrypt extension.
*
* PHP version 5
*
* @category Security
* @package Scrypt
* @author Dominic Black <thephenix@gmail.com>
* @license http://www.opensource.org/licenses/BSD-2-Clause BSD 2-Clause License
* @link http://github.com/DomBlack/php-scrypt
*/
/**
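* This class wraps the scrypt extension so that hashing and checking
* passwords takes a single call.
*
* Replace the application pepper with a random value of your own before
* storing any hashes; changing it later invalidates every hash created
* with the old value.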
*
* You can create a new hash for a password by calling Password::hash($password)
*
* You can check a password by calling Password::check($password, $hash)
*
* @category Security
* @package Scrypt
* @author Dominic Black <thephenix@gmail.com>
* @license http://www.opensource.org/licenses/BSD-2-Clause BSD 2-Clause License
* @link http://github.com/DomBlack/php-scrypt
*/
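class Password
{
    /**
     * @var int The key length passed to scrypt()
     */
    private static $_keyLength = 32;

    /**
     * @var string|null An application pepper prepended to every salt
     *                  (set to null for none)
     *
     * NOTE(review): this default value is published with the source, so it
     * adds no secrecy until it is replaced with a per-deployment random value
     * kept out of version control. It is mixed into every hash, so changing
     * it invalidates hashes created with the previous value.
     */
    private static $_pepper = 'qi$1IeXl?$Oa_ia7';

    /**
     * Generates a random salt from the characters 0-9 and a-z
     *
     * Indexes are drawn from a CSPRNG where one is available (see
     * _randomIndex()), because mt_rand() is seeded from a small state and is
     * predictable, which makes repeated or guessable salts more likely.
     *
     * @param int $length The length of the salt
     *
     * @return string The salt
     *
     * @throws Exception If random_int() exists but cannot gather randomness
     */
    public static function generateSalt($length = 8)
    {
        $possibleChars = '0123456789abcdefghijklmnopqrstuvwxyz';
        $maxIndex = strlen($possibleChars) - 1;

        $salt = '';
        for ($i = 0; $i < $length; $i++) {
            $salt .= $possibleChars[self::_randomIndex($maxIndex)];
        }

        return $salt;
    }

    /**
     * Picks a uniformly distributed integer in the range 0..$max
     *
     * Order of preference: random_int() (PHP 7+), then
     * openssl_random_pseudo_bytes() with rejection sampling, then mt_rand()
     * as a last resort so installations without either keep working.
     *
     * @param int $max The largest value that may be returned
     *
     * @return int A value between 0 and $max inclusive
     */
    private static function _randomIndex($max)
    {
        if (function_exists('random_int')) {
            return random_int(0, $max);
        }

        if ($max < 256 && function_exists('openssl_random_pseudo_bytes')) {
            $range = $max + 1;
            // Bytes at or above $limit are discarded so that the modulo
            // below does not favour the low indexes.
            $limit = 256 - (256 % $range);
            for ($attempt = 0; $attempt < 128; $attempt++) {
                $byte = openssl_random_pseudo_bytes(1, $strong);
                if ($byte === false || $byte === '' || $strong !== true) {
                    break;
                }
                $value = ord($byte);
                if ($value < $limit) {
                    return $value % $range;
                }
            }
        }

        // Legacy behaviour: not cryptographically secure.
        return mt_rand(0, $max);
    }

    /**
     * Create a password hash
     *
     * The result has the form N$r$p$salt$hash, so check() can recover the
     * parameters that were used.
     *
     * @param string $password The clear text password
     * @param string $salt     The salt to use, or null/false to generate a
     *                         random one
     * @param int    $N        The CPU difficulty (must be a power of 2, > 1)
     * @param int    $r        The memory difficulty
     * @param int    $p        The parallel difficulty
     *
     * @return string The hashed password
     */
    public static function hash(
        $password, $salt = false, $N = 16384, $r = 8, $p = 1
    ) {
        // null is accepted as well as false: callers were told to pass null
        // for a random salt, and previously that produced an empty salt.
        if ($salt === false || $salt === null) {
            $salt = self::generateSalt();
        } else {
            // Remove dollar signs from the salt, as we use that as a separator.
            $salt = str_replace('$', '', $salt);
        }

        $hash = scrypt(
            $password, self::$_pepper . $salt,
            $N, $r, $p,
            self::$_keyLength
        );

        return $N . '$' . $r . '$' . $p . '$' . $salt . '$' . $hash;
    }

    /**
     * Check a clear text password against a hash
     *
     * A stored value that is not in the N$r$p$salt$hash form written by
     * hash() is rejected before scrypt() is called. The cost parameters are
     * read from the stored value, so it should come from trusted storage.
     *
     * @param string $password The clear text password
     * @param string $hash     The hashed password
     *
     * @return boolean If the clear text matches
     */
    public static function check($password, $hash)
    {
        if (!is_string($hash)) {
            return false;
        }

        $parts = explode('$', $hash);
        if (count($parts) !== 5) {
            return false;
        }
        list($N, $r, $p, $salt, $stored) = $parts;

        if (!ctype_digit($N) || !ctype_digit($r) || !ctype_digit($p)
            || $stored === ''
        ) {
            return false;
        }

        $calculated = scrypt(
            $password, self::$_pepper . $salt,
            (int) $N, (int) $r, (int) $p,
            self::$_keyLength
        );

        // A non-string or empty result must never compare equal to a stored
        // value; the previous loose == treated false and '' as equal.
        if (!is_string($calculated) || $calculated === '') {
            return false;
        }

        return self::_constantTimeEquals($stored, $calculated);
    }

    /**
     * Compares two strings without returning early on the first difference
     *
     * Replaces the loose == comparison, which juggles numeric-looking strings
     * (two different "0e..." digit strings compare equal) and whose duration
     * depends on where the strings first differ.
     *
     * @param string $known     The stored hash
     * @param string $candidate The hash calculated from the supplied password
     *
     * @return boolean If both strings are byte-for-byte identical
     */
    private static function _constantTimeEquals($known, $candidate)
    {
        if (function_exists('hash_equals')) {
            return hash_equals($known, $candidate);
        }

        $length = strlen($known);
        if ($length !== strlen($candidate)) {
            return false;
        }

        $diff = 0;
        for ($i = 0; $i < $length; $i++) {
            $diff |= ord($known[$i]) ^ ord($candidate[$i]);
        }

        return $diff === 0;
    }
}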
?>