Saturday 15 March 2014

password hash - How does PHP's password_hash generate the salt?


Hello, as you will know, recent versions of PHP have introduced password_hash. The documentation says:

If omitted, a random salt will be created and the default cost will be used.

What kind of method does it use to create the salt?

I'm interested because I want to know that the salt is created randomly, so that when I store my hashed passwords they are always unique.

The salt is created randomly. They should be statistically unique.

To see how, check out the source. On Windows, it will try to use php_win32_get_random_bytes() to generate the salt:

    BYTE *iv_b = (BYTE *) buffer;
    if (php_win32_get_random_bytes(iv_b, raw_length) == SUCCESS) {
        buffer_valid = 1;
    }

On Linux, it will try to read /dev/urandom to generate the salt:

    int fd, n;
    size_t read_bytes = 0;
    fd = open("/dev/urandom", O_RDONLY);
    if (fd >= 0) {
        /* keep reading until raw_length bytes have been collected */
        while (read_bytes < raw_length) {
            n = read(fd, buffer + read_bytes, raw_length - read_bytes);
            if (n < 0) {
                break;
            }
            read_bytes += (size_t) n;
        }
        close(fd);
    }
    if (read_bytes >= raw_length) {
        buffer_valid = 1;
    }

Then, after those two, if the buffer is not valid (not complete, it can be partial), it uses rand() to fill it. Note that this should never be used in practice, it is just a fallback:

    if (!buffer_valid) {
        for (i = 0; i < raw_length; i++) {
            buffer[i] ^= (char) (255.0 * php_rand(TSRMLS_C) / RAND_MAX);
        }
    }

Now, if C is not your cup of tea, then the same logic and algorithms are implemented in PHP:

    $buffer = '';
    $raw_length = (int) ($required_salt_len * 3 / 4 + 1);
    $buffer_valid = false;
    if (function_exists('mcrypt_create_iv')) {
        $buffer = mcrypt_create_iv($raw_length, MCRYPT_DEV_URANDOM);
        if ($buffer) {
            $buffer_valid = true;
        }
    }
    if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) {
        $buffer = openssl_random_pseudo_bytes($raw_length);
        if ($buffer) {
            $buffer_valid = true;
        }
    }
    if (!$buffer_valid && is_readable('/dev/urandom')) {
        $f = fopen('/dev/urandom', 'r');
        $read = strlen($buffer);
        while ($read < $raw_length) {
            $buffer .= fread($f, $raw_length - $read);
            $read = strlen($buffer);
        }
        fclose($f);
        if ($read >= $raw_length) {
            $buffer_valid = true;
        }
    }
    // fallback: mix in mt_rand() output if the buffer is missing or short
    if (!$buffer_valid || strlen($buffer) < $raw_length) {
        $bl = strlen($buffer);
        for ($i = 0; $i < $raw_length; $i++) {
            if ($i < $bl) {
                $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255));
            } else {
                $buffer .= chr(mt_rand(0, 255));
            }
        }
    }

The only difference is that the PHP version will use mcrypt or openssl if either is installed...
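
As an added example (not part of the original answer or of PHP's source), here is a hardened variant of the /dev/urandom read loop shown above: it retries on EINTR, treats EOF or a read error as failure, and returns an error instead of falling back to rand(). The function names and the salt length of 22 characters (bcrypt's) are assumptions made for the example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Raw bytes needed for a salt of salt_len base64 characters
 * (same formula as $raw_length in the PHP snippet above). */
size_t raw_length_for(size_t salt_len) { return salt_len * 3 / 4 + 1; }

/* Fill buf with len bytes from /dev/urandom.
 * Returns 0 on success, -1 on any failure; never falls back to rand(). */
int fill_random(unsigned char *buf, size_t len) {
    size_t got = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR) continue;  /* interrupted: retry */
        if (n <= 0) break;                      /* real error or unexpected EOF */
        got += (size_t) n;                      /* short read: keep going */
    }
    close(fd);
    if (got != len) {
        memset(buf, 0, len);                    /* never hand back a partial buffer */
        return -1;
    }
    return 0;
}

/* Constructed check: two independently generated salts should differ.
 * Returns 1 if they differ, 0 if equal, -1 if the RNG was unavailable. */
int salts_differ(size_t salt_len) {
    unsigned char a[64], b[64];
    size_t len = raw_length_for(salt_len);
    if (len > sizeof a || fill_random(a, len) != 0 || fill_random(b, len) != 0) {
        return -1;
    }
    return memcmp(a, b, len) != 0;
}

int main(void) {
    int r = salts_differ(22);   /* 22 = assumed bcrypt salt length in characters */
    printf("salts differ: %d\n", r);
    return r == 1 ? 0 : 1;
}
```

A caller that gets -1 should abort the hash operation rather than continue with a predictable salt.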
