hash_pbkdf2
(PHP 5 >= 5.5.0, PHP 7, PHP 8)
hash_pbkdf2 — Generate a PBKDF2 key derivation of a supplied password
Description
string
$algo,string
$password,string
$salt,int
$iterations,int
$length = 0,bool
$binary = false): string
Parameters
-
algo -
Name of selected hashing algorithm (i.e.
md5,sha256,haval160,4, etc..) See hash_algos() for a list of supported algorithms. -
password -
The password to use for the derivation.
-
salt -
The salt to use for the derivation. This value should be generated randomly.
-
iterations -
The number of internal iterations to perform for the derivation.
-
length -
The length of the output string. If
binaryistruethis corresponds to the byte-length of the derived key, ifbinaryisfalsethis corresponds to twice the byte-length of the derived key (as every byte of the key is returned as two hexits).If
0is passed, the entire output of the supplied algorithm is used. -
binary -
When set to
true, outputs raw binary data.falseoutputs lowercase hexits.
Return Values
Returns a string containing the derived key as lowercase hexits unless
binary is set to true in which case the raw
binary representation of the derived key is returned.
Errors/Exceptions
An E_WARNING will be raised if the algorithm is
unknown, the iterations parameter is less than or
equal to 0, the length is less
than 0 or the salt is too long
(greater than INT_MAX - 4).
Changelog
| Version | Description |
|---|---|
| 7.2.0 | Usage of non-cryptographic hash functions (adler32, crc32, crc32b, fnv132, fnv1a32, fnv164, fnv1a64, joaat) was disabled. |
Examples
Example #1 hash_pbkdf2() example, basic usage
<?php
$password = "password";
$iterations = 1000;
// Generate a random IV using openssl_random_pseudo_bytes()
// random_bytes() or another suitable source of randomness
$salt = openssl_random_pseudo_bytes(16);
$hash = hash_pbkdf2("sha256", $password, $salt, $iterations, 20);
var_dump($hash);
// for raw binary, the $length needs to be halved for equivalent results
$hash = hash_pbkdf2("sha256", $password, $salt, $iterations, 10, true);
var_dump(bin2hex($hash));?>
The above example will output something similar to:
string(20) "120fb6cffcf8b32c43e7" string(20) "120fb6cffcf8b32c43e7"
Notes
The PBKDF2 method can be used for hashing passwords for storage. However, it
should be noted that password_hash() or
crypt() with CRYPT_BLOWFISH are
better suited for password storage.
See Also
- crypt() - One-way string hashing
- password_hash() - Creates a password hash
- hash() - Generate a hash value (message digest)
- hash_algos() - Return a list of registered hashing algorithms
- hash_init() - Initialize an incremental hashing context
- hash_hmac() - Generate a keyed hash value using the HMAC method
- hash_hmac_file() - Generate a keyed hash value using the HMAC method and the contents of a given file
- openssl_pbkdf2() - Generates a PKCS5 v2 PBKDF2 string
