Rechercher une fonction PHP

sodium_crypto_pwhash_str

(PHP 7 >= 7.2.0)

sodium_crypto_pwhash_strGet an ASCII-encoded hash

Description

sodium_crypto_pwhash_str ( string $password , int $opslimit , int $memlimit ) : string

Uses a CPU- and memory-hard hash algorithm along with a randomly-generated salt, and memory and CPU limits to generate an ASCII-encoded hash suitable for password storage.

PHP: sodium_crypto_pwhash_str - Manual Home of Manuel PHP  Contents Haut

Parameters

password

string; The password to generate a hash for.

opslimit

Represents a maximum amount of computations to perform. Raising this number will make the function require more CPU cycles to compute a key. There are constants available to set the operations limit to appropriate values depending on intended use, in order of strength: SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE and SODIUM_CRYPTO_PWHASH_OPSLIMIT_SENSITIVE.

memlimit

The maximum amount of RAM that the function will use, in bytes. There are constants to help you choose an appropriate value, in order of size: SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE, and SODIUM_CRYPTO_PWHASH_MEMLIMIT_SENSITIVE. Typically these should be paired with the matching opslimit values.

PHP: sodium_crypto_pwhash_str - Manual Home of Manuel PHP  Contents Haut

Return Values

Returns the hashed password, or FALSE on failure.

In order to produce the same password hash from the same password, the same values for opslimit and memlimit must be used. These are embedded within the generated hash, so everything that's needed to verify the hash is included. This allows the sodium_crypto_pwhash_str_verify() function to verify the hash without needing separate storage for the other parameters.

PHP: sodium_crypto_pwhash_str - Manual Home of Manuel PHP  Contents Haut

Notes

Note:

Hashes are calculated using the Argon2ID algorithm, providing resistance to both GPU and side-channel attacks. In contrast to the password_hash() function, there is no salt parameter (a salt is generated automatically), and the opslimit and memlimit parameters are not optional.

PHP: sodium_crypto_pwhash_str - Manual Home of Manuel PHP  Contents Haut

Examples

Example #1 password_hash() example

<?php
$password 
'password';
echo 
sodium_crypto_pwhash_str(
    
$password,
    
SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
    
SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
);

The above example will output something similar to:

$argon2id$v=19$m=65536,t=2,p=1$oWIfdaXwWwhVmovOBc2NAQ$EbsZ+JnZyyavkafS0hoc4HdaOB0ILWZESAZ7kVGa+Iw

PHP: sodium_crypto_pwhash_str - Manual Home of Manuel PHP  Contents Haut

See Also

Find a PHP function

English translation

You have asked to visit this site in English. For now, only the interface is translated, but not all the content yet.

If you want to help me in translations, your contribution is welcome. All you need to do is register on the site, and send me a message asking me to add you to the group of translators, which will give you the opportunity to translate the pages you want. A link at the bottom of each translated page indicates that you are the translator, and has a link to your profile.

Thank you in advance.

Document created the 30/01/2003, last modified the 26/10/2018
Source of the printed document:https://www.gaudry.be/en/php-rf-sodium-crypto-pwhash-str.html

The infobrol is a personal site whose content is my sole responsibility. The text is available under CreativeCommons license (BY-NC-SA). More info on the terms of use and the author.

References

  1. View the html document Language of the document:fr Manuel PHP : http://php.net

These references and links indicate documents consulted during the writing of this page, or which may provide additional information, but the authors of these sources can not be held responsible for the content of this page.
The author This site is solely responsible for the way in which the various concepts, and the freedoms that are taken with the reference works, are presented here. Remember that you must cross multiple source information to reduce the risk of errors.

Contents Haut