moderndeveloperllc / scrypt
Class to generate scrypt password hashes that are compatible with the wg/scrypt Java implementation
Requires
- php: ^5.6 || ^7.0
- zendframework/zend-crypt: ^3.0
- zendframework/zend-math: ^3.0
Suggests
- ext-scrypt: This module will be excruciatingly slow without it.
This package is auto-updated.
Last update: 2024-10-09 14:04:22 UTC
README
Abandonware
Much like ZF2, this library is consigned to the history books. Use the much better and faster password_hash()
in PHP with the PASSWORD_ARGON2ID algorithm.
This class is an additional library (much like Zend\Crypt\Password\Bcrypt) used to generate scrypt password hashes that are compatible with the wg/scrypt Java implementation. While it uses Zend\Crypt\Key\Derivation\Scrypt, it also adds the parameters to the returned string that are required to compare password hashes. Also included is a function to check the type of hash on your passwords. Useful if you are transitioning gradually from bcrypt to scrypt hashes.
While this library uses two Zend Framework 2 modules (Crypt and Math), there should be no impediment to using this in other frameworks or projects that utilize composer.
Installing via Composer
Install composer in a common location or in your project:
curl -s http://getcomposer.org/installer | php
Create the composer.json file as follows:
{
"require": {
"moderndeveloperllc/scrypt" : "^1.0"
}
}
Run the composer installer:
php composer.phar install
Usage
Hash a password
<?php
use ModDev\Password\Scrypt;
$scrypt = new Scrypt();
$securePass = $scrypt->create('user password');
Check the hashed password against an user input
<?php
use ModDev\Password\Scrypt;
$scrypt = new Scrypt();
$securePass = 'the stored scrypt value';
$password = 'the password to check';
if ($scrypt->verify($password, $securePass)) {
echo "The password is correct! \n";
} else {
echo "The password is NOT correct.\n";
}
Optional Parameters
<?php
use ModDev\Password\Scrypt;
$scrypt = new Scrypt(array(
'cpuDifficulty' => 16384, //The CPU difficulty. Also called "N" in scrypt documentation. Must be a power of 2.
'memoryDifficulty' => 8, //The memory difficulty. Also called "r" in scrypt documentation.
'parallelDifficulty' => 1, //The parallel difficulty. Also called "p" in scrypt documentation.
'keyLength' => 32, //The key length. Must be greater or equal to 16.
));
Return the hash algorithm
<?php
use ModDev\Password\Scrypt;
$scrypt = new Scrypt();
$passwordhashType = $scrypt->getHashType($hashedPassword);
Check if the password needs rehashing
<?php
use ModDev\Password\Scrypt;
$scrypt = new Scrypt();
echo $scrypt->needsRehash($hashedPassword);