hash_pbkdf2
(PHP 5 >= 5.5.0, PHP 7)
hash_pbkdf2 — Generate a PBKDF2 key derivation of a supplied password
Description
hash_pbkdf2 ( string $algo , string $password , string $salt , int $iterations [, int $length = 0 [, bool $binary = false ]] ) : string
Parameters
-
algo -
Name of selected hashing algorithm (i.e.
md5,sha256,haval160,4, etc..) See hash_algos() for a list of supported algorithms. -
password -
The password to use for the derivation.
-
salt -
The salt to use for the derivation. This value should be generated randomly.
-
iterations -
The number of internal iterations to perform for the derivation.
-
length -
The length of the output string. If
binaryistruethis corresponds to the byte-length of the derived key, ifbinaryisfalsethis corresponds to twice the byte-length of the derived key (as every byte of the key is returned as two hexits).If
0is passed, the entire output of the supplied algorithm is used. -
binary -
When set to
true, outputs raw binary data.falseoutputs lowercase hexits.
Return Values
Returns a string containing the derived key as lowercase hexits unless binary is set to true in which case the raw binary representation of the derived key is returned.
Errors/Exceptions
An E_WARNING will be raised if the algorithm is unknown, the iterations parameter is less than or equal to 0, the length is less than 0 or the salt is too long (greater than INT_MAX - 4).
Changelog
| Version | Description |
|---|---|
| 7.2.0 | Usage of non-cryptographic hash functions (adler32, crc32, crc32b, fnv132, fnv1a32, fnv164, fnv1a64, joaat) was disabled. |
Examples
Example #1 hash_pbkdf2() example, basic usage
<?php
$password = "password";
$iterations = 1000;
// Generate a random IV using openssl_random_pseudo_bytes()
// random_bytes() or another suitable source of randomness
$salt = openssl_random_pseudo_bytes(16);
$hash = hash_pbkdf2("sha256", $password, $salt, $iterations, 20);
echo $hash;
?> The above example will output something similar to:
120fb6cffcf8b32c43e7
Notes
The PBKDF2 method can be used for hashing passwords for storage. However, it should be noted that password_hash() or crypt() with CRYPT_BLOWFISH are better suited for password storage.
See Also
- crypt() - One-way string hashing
- password_hash() - Creates a password hash
- hash() - Generate a hash value (message digest)
- hash_algos() - Return a list of registered hashing algorithms
- hash_init() - Initialize an incremental hashing context
- hash_hmac() - Generate a keyed hash value using the HMAC method
- hash_hmac_file() - Generate a keyed hash value using the HMAC method and the contents of a given file
- openssl_pbkdf2() - Generates a PKCS5 v2 PBKDF2 string
© 1997–2020 The PHP Documentation Group
Licensed under the Creative Commons Attribution License v3.0 or later.
https://www.php.net/manual/en/function.hash-pbkdf2.php