HASH_PBKDF2(3) 1 HASH_PBKDF2(3)
hash_pbkdf2 - Generate a PBKDF2 key derivation of a supplied password
SYNOPSIS
string hash_pbkdf2 (string $algo, string $password, string $salt, int $iterations, [int $length], [bool $raw_output = false])
DESCRIPTION
PARAMETERS
o $algo
- Name of selected hashing algorithm (i.e. md5, sha256, haval160,4, etc..) See hash_algos(3) for a list of supported algorithms.
o $password
- The password to use for the derivation.
o $salt
- The salt to use for the derivation. This value should be generated randomly.
o $iterations
- The number of internal iterations to perform for the derivation.
o $length
- The length of the output string. If $raw_output is TRUE this corresponds to the byte-length of the derived key, if $raw_output
is FALSE this corresponds to twice the byte-length of the derived key (as every byte of the key is returned as two hexits). If 0
is passed, the entire output of the supplied algorithm is used.
o $raw_output
- When set to TRUE, outputs raw binary data. FALSE outputs lowercase hexits.
RETURN VALUES
Returns a string containing the derived key as lowercase hexits unless $raw_output is set to TRUE in which case the raw binary representa-
tion of the derived key is returned.
ERRORS
/EXCEPTIONS
An E_WARNING will be raised if the algorithm is unknown, the $iterations parameter is less than or equal to 0, the $length is less than 0
or the $salt is too long (greater than INT_MAX
- 4).
EXAMPLES
Example #1
hash_pbkdf2(3) example, basic usage
<?php
$password = "password";
$iterations = 1000;
// Generate a random IV using mcrypt_create_iv(),
// openssl_random_pseudo_bytes() or another suitable source of randomness
$salt = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
$hash = hash_pbkdf2("sha256", $password, $salt, $iterations, 20);
echo $hash;
?>
The above example will output something similar to:
120fb6cffcf8b32c43e7
NOTES
Caution
The PBKDF2 method can be used for hashing passwords for storage. However, it should be noted that password_hash(3) or crypt(3) with
CRYPT_BLOWFISH are better suited for password storage.
SEE ALSO
crypt(3), password_hash(3), hash(3), hash_algos(3), hash_init(3), hash_hmac(3), hash_hmac_file(3).
PHP Documentation Group HASH_PBKDF2(3)