<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>Generate a PBKDF2 key derivation of a supplied password</title> </head> <body><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.hash-init.html">hash_init</a></div> <div class="next" style="text-align: right; float: right;"><a href="function.hash-update-file.html">hash_update_file</a></div> <div class="up"><a href="ref.hash.html">Hash Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div><hr /><div id="function.hash-pbkdf2" class="refentry"> <div class="refnamediv"> <h1 class="refname">hash_pbkdf2</h1> <p class="verinfo">(PHP 5 >= 5.5.0)</p><p class="refpurpose"><span class="refname">hash_pbkdf2</span> — <span class="dc-title">Generate a PBKDF2 key derivation of a supplied password</span></p> </div> <div class="refsect1 description" id="refsect1-function.hash-pbkdf2-description"> <h3 class="title">Description</h3> <div class="methodsynopsis dc-description"> <span class="type">string</span> <span class="methodname"><strong>hash_pbkdf2</strong></span> ( <span class="methodparam"><span class="type">string</span> <code class="parameter">$algo</code></span> , <span class="methodparam"><span class="type">string</span> <code class="parameter">$password</code></span> , <span class="methodparam"><span class="type">string</span> <code class="parameter">$salt</code></span> , <span class="methodparam"><span class="type">int</span> <code class="parameter">$iterations</code></span> [, <span class="methodparam"><span class="type">int</span> <code class="parameter">$length</code><span class="initializer"> = 0</span></span> [, <span class="methodparam"><span class="type">bool</span> <code class="parameter">$raw_output</code><span class="initializer"> = false</span></span> ]] )</div> </div> <div class="refsect1 parameters" id="refsect1-function.hash-pbkdf2-parameters"> <h3 class="title">Parameters</h3> <p class="para"> <dl> <dt> <span class="term"><em><code class="parameter">algo</code></em></span> <dd> <p class="para"> Name of selected hashing algorithm (i.e. <em>md5</em>, <em>sha256</em>, <em>haval160,4</em>, etc..) See <span class="function"><a href="function.hash-algos.html" class="function">hash_algos()</a></span> for a list of supported algorithms. </p> </dd> </dt> <dt> <span class="term"><em><code class="parameter">password</code></em></span> <dd> <p class="para"> The password to use for the derivation. </p> </dd> </dt> <dt> <span class="term"><em><code class="parameter">salt</code></em></span> <dd> <p class="para"> The salt to use for the derivation. This value should be generated randomly. </p> </dd> </dt> <dt> <span class="term"><em><code class="parameter">iterations</code></em></span> <dd> <p class="para"> The number of internal iterations to perform for the derivation. </p> </dd> </dt> <dt> <span class="term"><em><code class="parameter">length</code></em></span> <dd> <p class="para"> The length of the output string. If <em><code class="parameter">raw_output</code></em> is <strong><code>TRUE</code></strong> this corresponds to the byte-length of the derived key, if <em><code class="parameter">raw_output</code></em> is <strong><code>FALSE</code></strong> this corresponds to twice the byte-length of the derived key (as every byte of the key is returned as two hexits). </p> <p class="para"> If <em>0</em> is passed, the entire output of the supplied algorithm is used. </p> </dd> </dt> <dt> <span class="term"><em><code class="parameter">raw_output</code></em></span> <dd> <p class="para"> When set to <strong><code>TRUE</code></strong>, outputs raw binary data. <strong><code>FALSE</code></strong> outputs lowercase hexits. </p> </dd> </dt> </dl> </p> </div> <div class="refsect1 returnvalues" id="refsect1-function.hash-pbkdf2-returnvalues"> <h3 class="title">Return Values</h3> <p class="para"> Returns a string containing the derived key as lowercase hexits unless <em><code class="parameter">raw_output</code></em> is set to <strong><code>TRUE</code></strong> in which case the raw binary representation of the derived key is returned. </p> </div> <div class="refsect1 errors" id="refsect1-function.hash-pbkdf2-errors"> <h3 class="title">Errors/Exceptions</h3> <p class="para"> An <strong><code>E_WARNING</code></strong> will be raised if the algorithm is unknown, the <em><code class="parameter">iterations</code></em> parameter is less than or equal to <em>0</em>, the <em><code class="parameter">length</code></em> is less than <em>0</em> or the <em><code class="parameter">salt</code></em> is too long (greater than <strong><code>INT_MAX</code></strong><em> - 4</em>). </p> </div> <div class="refsect1 examples" id="refsect1-function.hash-pbkdf2-examples"> <h3 class="title">Examples</h3> <p class="para"> <div class="example" id="example-835"> <p><strong>Example #1 <span class="function"><strong>hash_pbkdf2()</strong></span> example, basic usage</strong></p> <div class="example-contents"> <div class="phpcode"><code><span style="color: #000000"> <span style="color: #0000BB"><?php<br />$password </span><span style="color: #007700">= </span><span style="color: #DD0000">"password"</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">$iterations </span><span style="color: #007700">= </span><span style="color: #0000BB">1000</span><span style="color: #007700">;<br /><br /></span><span style="color: #FF8000">// Generate a random IV using mcrypt_create_iv(),<br />// openssl_random_pseudo_bytes() or another suitable source of randomness<br /></span><span style="color: #0000BB">$salt </span><span style="color: #007700">= </span><span style="color: #0000BB">mcrypt_create_iv</span><span style="color: #007700">(</span><span style="color: #0000BB">16</span><span style="color: #007700">, </span><span style="color: #0000BB">MCRYPT_DEV_URANDOM</span><span style="color: #007700">);<br /><br /></span><span style="color: #0000BB">$hash </span><span style="color: #007700">= </span><span style="color: #0000BB">hash_pbkdf2</span><span style="color: #007700">(</span><span style="color: #DD0000">"sha256"</span><span style="color: #007700">, </span><span style="color: #0000BB">$password</span><span style="color: #007700">, </span><span style="color: #0000BB">$salt</span><span style="color: #007700">, </span><span style="color: #0000BB">$iterations</span><span style="color: #007700">, </span><span style="color: #0000BB">20</span><span style="color: #007700">);<br />echo </span><span style="color: #0000BB">$hash</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">?></span> </span> </code></div> </div> <div class="example-contents"><p>The above example will output something similar to:</p></div> <div class="example-contents screen"> <div class="cdata"><pre> 120fb6cffcf8b32c43e7 </pre></div> </div> </div> </p> </div> <div class="refsect1 notes" id="refsect1-function.hash-pbkdf2-notes"> <h3 class="title">Notes</h3> <div class="caution"><strong class="caution">Caution</strong> <p class="para"> The PBKDF2 method can be used for hashing passwords for storage. However, it should be noted that <span class="function"><a href="function.password-hash.html" class="function">password_hash()</a></span> or <span class="function"><a href="function.crypt.html" class="function">crypt()</a></span> with <strong><code>CRYPT_BLOWFISH</code></strong> are better suited for password storage. </p> </div> </div> <div class="refsect1 seealso" id="refsect1-function.hash-pbkdf2-seealso"> <h3 class="title">See Also</h3> <p class="para"> <ul class="simplelist"> <li class="member"> <span class="function"><a href="function.crypt.html" class="function" rel="rdfs-seeAlso">crypt()</a> - One-way string hashing</span></li> <li class="member"> <span class="function"><a href="function.password-hash.html" class="function" rel="rdfs-seeAlso">password_hash()</a> - Creates a password hash</span></li> <li class="member"> <span class="function"><a href="function.hash.html" class="function" rel="rdfs-seeAlso">hash()</a> - Generate a hash value (message digest)</span></li> <li class="member"> <span class="function"><a href="function.hash-algos.html" class="function" rel="rdfs-seeAlso">hash_algos()</a> - Return a list of registered hashing algorithms</span></li> <li class="member"> <span class="function"><a href="function.hash-init.html" class="function" rel="rdfs-seeAlso">hash_init()</a> - Initialize an incremental hashing context</span></li> <li class="member"> <span class="function"><a href="function.hash-hmac.html" class="function" rel="rdfs-seeAlso">hash_hmac()</a> - Generate a keyed hash value using the HMAC method</span></li> <li class="member"> <span class="function"><a href="function.hash-hmac-file.html" class="function" rel="rdfs-seeAlso">hash_hmac_file()</a> - Generate a keyed hash value using the HMAC method and the contents of a given file</span></li> </ul> </p> </div> </div><hr /><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.hash-init.html">hash_init</a></div> <div class="next" style="text-align: right; float: right;"><a href="function.hash-update-file.html">hash_update_file</a></div> <div class="up"><a href="ref.hash.html">Hash Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div></body></html>