hash_pbkdf2
(PHP 5 >= 5.5.0, PHP 7, PHP 8)
hash_pbkdf2 — Generate a PBKDF2 key derivation of a supplied password
Description
string
$algo
,string
$password
,string
$salt
,int
$iterations
,int
$length
= 0,bool
$binary
= false
): string
Parameters
-
algo
-
Name of selected hashing algorithm (i.e.
md5
,sha256
,haval160,4
, etc..) See hash_algos() for a list of supported algorithms. -
password
-
The password to use for the derivation.
-
salt
-
The salt to use for the derivation. This value should be generated randomly.
-
iterations
-
The number of internal iterations to perform for the derivation.
-
length
-
The length of the output string. If
binary
istrue
this corresponds to the byte-length of the derived key, ifbinary
isfalse
this corresponds to twice the byte-length of the derived key (as every byte of the key is returned as two hexits).If
0
is passed, the entire output of the supplied algorithm is used. -
binary
-
When set to
true
, outputs raw binary data.false
outputs lowercase hexits.
Return Values
Returns a string containing the derived key as lowercase hexits unless
binary
is set to true
in which case the raw
binary representation of the derived key is returned.
Errors/Exceptions
An E_WARNING
will be raised if the algorithm is
unknown, the iterations
parameter is less than or
equal to 0
, the length
is less
than 0
or the salt
is too long
(greater than INT_MAX
- 4
).
Changelog
Version | Description |
---|---|
7.2.0 | Usage of non-cryptographic hash functions (adler32, crc32, crc32b, fnv132, fnv1a32, fnv164, fnv1a64, joaat) was disabled. |
Examples
Example #1 hash_pbkdf2() example, basic usage
<?php
$password = "password";
$iterations = 1000;
// Generate a random IV using openssl_random_pseudo_bytes()
// random_bytes() or another suitable source of randomness
$salt = openssl_random_pseudo_bytes(16);
$hash = hash_pbkdf2("sha256", $password, $salt, $iterations, 20);
var_dump($hash);
// for raw binary, the $length needs to be halved for equivalent results
$hash = hash_pbkdf2("sha256", $password, $salt, $iterations, 10, true);
var_dump(bin2hex($hash));?>
The above example will output something similar to:
string(20) "120fb6cffcf8b32c43e7" string(20) "120fb6cffcf8b32c43e7"
Notes
The PBKDF2 method can be used for hashing passwords for storage. However, it
should be noted that password_hash() or
crypt() with CRYPT_BLOWFISH
are
better suited for password storage.
See Also
- crypt() - One-way string hashing
- password_hash() - Creates a password hash
- hash() - Generate a hash value (message digest)
- hash_algos() - Return a list of registered hashing algorithms
- hash_init() - Initialize an incremental hashing context
- hash_hmac() - Generate a keyed hash value using the HMAC method
- hash_hmac_file() - Generate a keyed hash value using the HMAC method and the contents of a given file
- openssl_pbkdf2() - Generates a PKCS5 v2 PBKDF2 string