Rev 74 | Rev 76 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 74 | Rev 75 | ||
---|---|---|---|
Line 183... | Line 183... | ||
183 | for ($i=0; $i<$iterations; $i++) { |
183 | for ($i=0; $i<$iterations; $i++) { |
184 | // https://security.stackexchange.com/questions/149299/rounds-in-a-hashing-function |
184 | // https://security.stackexchange.com/questions/149299/rounds-in-a-hashing-function |
185 | $bin_hash = hash_hmac_ex($algo, $str_password, $bin_hash.$i, true); |
185 | $bin_hash = hash_hmac_ex($algo, $str_password, $bin_hash.$i, true); |
186 | } |
186 | } |
187 | } else if ($mode == PASSWORD_VTS_MCF1_MODE_PBKDF2) { |
187 | } else if ($mode == PASSWORD_VTS_MCF1_MODE_PBKDF2) { |
- | 188 | // Note: If $iterations=0, then hash_pbkdf2_ex() will correct it to the best value depending on $algo, see _vts_password_default_iterations(). |
|
188 | $bin_hash = hash_pbkdf2_ex($algo, $str_password, $str_salt, $iterations, 0, true); |
189 | $bin_hash = hash_pbkdf2_ex($algo, $str_password, $str_salt, $iterations, 0, true); |
189 | } else { |
190 | } else { |
190 | throw new Exception("Invalid VTS crypt version 1 mode. Expect sp, ps, sps, hmac, or pbkdf2."); |
191 | throw new Exception("Invalid VTS crypt version 1 mode. Expect sp, ps, sps, hmac, or pbkdf2."); |
191 | } |
192 | } |
192 | $bin_salt = $str_salt; |
193 | $bin_salt = $str_salt; |
Line 264... | Line 265... | ||
264 | function vts_password_get_info($hash) { |
265 | function vts_password_get_info($hash) { |
265 | if (vts_crypt_version($hash) == '1') { |
266 | if (vts_crypt_version($hash) == '1') { |
266 | // OID_MCF_VTS_V1 |
267 | // OID_MCF_VTS_V1 |
267 | $mcf = crypt_modular_format_decode($hash); |
268 | $mcf = crypt_modular_format_decode($hash); |
268 | 269 | ||
269 | //$options['salt_length'] = strlen($mcf['salt']); // Note: salt_length is not a MCF option! It's just a hint for vts_password_hash() |
270 | //$options['salt_length'] = strlen($mcf['salt']); // Note: salt_length is not an MCF option! It's just a hint for vts_password_hash() |
270 | 271 | ||
271 | if (!isset($mcf['params']['a'])) throw new Exception('Param "a" (algo) missing'); |
272 | if (!isset($mcf['params']['a'])) throw new Exception('Param "a" (algo) missing'); |
272 | $options['algo'] = $mcf['params']['a']; |
273 | $options['algo'] = $mcf['params']['a']; |
273 | 274 | ||
274 | if (!isset($mcf['params']['m'])) throw new Exception('Param "m" (mode) missing'); |
275 | if (!isset($mcf['params']['m'])) throw new Exception('Param "m" (mode) missing'); |
Line 403... | Line 404... | ||
403 | // Algorithms: PASSWORD_VTS_MCF1 |
404 | // Algorithms: PASSWORD_VTS_MCF1 |
404 | $ver = '1'; |
405 | $ver = '1'; |
405 | $algo = $options['algo']; |
406 | $algo = $options['algo']; |
406 | $mode = $options['mode']; |
407 | $mode = $options['mode']; |
407 | $iterations = $options['iterations']; |
408 | $iterations = $options['iterations']; |
408 | $salt_len = isset($options['salt_length']) ? $options['salt_length'] : 50; // Note: salt_length is not a MCF option! It's just a hint for vts_password_hash() |
409 | $salt_len = isset($options['salt_length']) ? $options['salt_length'] : 32; // Note: salt_length is not an MCF option! It's just a hint for vts_password_hash() |
409 | $salt = random_bytes_ex($salt_len, true, true); |
410 | $salt = random_bytes_ex($salt_len, true, true); |
410 | return vts_crypt_hash($algo, $password, $salt, $ver, $mode, $iterations); |
411 | return vts_crypt_hash($algo, $password, $salt, $ver, $mode, $iterations); |
411 | } else { |
412 | } else { |
412 | // Algorithms: PASSWORD_DEFAULT |
413 | // Algorithms: PASSWORD_DEFAULT |
413 | // PASSWORD_BCRYPT |
414 | // PASSWORD_BCRYPT |