<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Generate a PBKDF2 key derivation of a supplied password</title>
</head>
<body><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="function.hash-init.html">hash_init</a></div>
<div class="next" style="text-align: right; float: right;"><a href="function.hash-update-file.html">hash_update_file</a></div>
<div class="up"><a href="ref.hash.html">Hash Functions</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="function.hash-pbkdf2" class="refentry">
<div class="refnamediv">
<h1 class="refname">hash_pbkdf2</h1>
<p class="verinfo">(PHP 5 >= 5.5.0)</p><p class="refpurpose"><span class="refname">hash_pbkdf2</span> — <span class="dc-title">Generate a PBKDF2 key derivation of a supplied password</span></p>
</div>
<div class="refsect1 description" id="refsect1-function.hash-pbkdf2-description">
<h3 class="title">Description</h3>
<div class="methodsynopsis dc-description">
<span class="type">string</span> <span class="methodname"><strong>hash_pbkdf2</strong></span>
( <span class="methodparam"><span class="type">string</span> <code class="parameter">$algo</code></span>
, <span class="methodparam"><span class="type">string</span> <code class="parameter">$password</code></span>
, <span class="methodparam"><span class="type">string</span> <code class="parameter">$salt</code></span>
, <span class="methodparam"><span class="type">int</span> <code class="parameter">$iterations</code></span>
[, <span class="methodparam"><span class="type">int</span> <code class="parameter">$length</code><span class="initializer"> = 0</span></span>
[, <span class="methodparam"><span class="type">bool</span> <code class="parameter">$raw_output</code><span class="initializer"> = false</span></span>
]] )</div>
</div>
<div class="refsect1 parameters" id="refsect1-function.hash-pbkdf2-parameters">
<h3 class="title">Parameters</h3>
<p class="para">
<dl>
<dt>
<span class="term"><em><code class="parameter">algo</code></em></span>
<dd>
<p class="para">
Name of selected hashing algorithm (i.e. <em>md5</em>,
<em>sha256</em>, <em>haval160,4</em>, etc..) See
<span class="function"><a href="function.hash-algos.html" class="function">hash_algos()</a></span> for a list of supported algorithms.
</p>
</dd>
</dt>
<dt>
<span class="term"><em><code class="parameter">password</code></em></span>
<dd>
<p class="para">
The password to use for the derivation.
</p>
</dd>
</dt>
<dt>
<span class="term"><em><code class="parameter">salt</code></em></span>
<dd>
<p class="para">
The salt to use for the derivation. This value should be generated randomly.
</p>
</dd>
</dt>
<dt>
<span class="term"><em><code class="parameter">iterations</code></em></span>
<dd>
<p class="para">
The number of internal iterations to perform for the derivation.
</p>
</dd>
</dt>
<dt>
<span class="term"><em><code class="parameter">length</code></em></span>
<dd>
<p class="para">
The length of the output string. If <em><code class="parameter">raw_output</code></em>
is <strong><code>TRUE</code></strong> this corresponds to the byte-length of the derived key, if
<em><code class="parameter">raw_output</code></em> is <strong><code>FALSE</code></strong> this corresponds to twice the
byte-length of the derived key (as every byte of the key is returned as
two hexits).
</p>
<p class="para">
If <em>0</em> is passed, the entire output of the supplied
algorithm is used.
</p>
</dd>
</dt>
<dt>
<span class="term"><em><code class="parameter">raw_output</code></em></span>
<dd>
<p class="para">
When set to <strong><code>TRUE</code></strong>, outputs raw binary data. <strong><code>FALSE</code></strong> outputs lowercase
hexits.
</p>
</dd>
</dt>
</dl>
</p>
</div>
<div class="refsect1 returnvalues" id="refsect1-function.hash-pbkdf2-returnvalues">
<h3 class="title">Return Values</h3>
<p class="para">
Returns a string containing the derived key as lowercase hexits unless
<em><code class="parameter">raw_output</code></em> is set to <strong><code>TRUE</code></strong> in which case the raw
binary representation of the derived key is returned.
</p>
</div>
<div class="refsect1 errors" id="refsect1-function.hash-pbkdf2-errors">
<h3 class="title">Errors/Exceptions</h3>
<p class="para">
An <strong><code>E_WARNING</code></strong> will be raised if the algorithm is
unknown, the <em><code class="parameter">iterations</code></em> parameter is less than or
equal to <em>0</em>, the <em><code class="parameter">length</code></em> is less
than <em>0</em> or the <em><code class="parameter">salt</code></em> is too long
(greater than <strong><code>INT_MAX</code></strong><em> - 4</em>).
</p>
</div>
<div class="refsect1 examples" id="refsect1-function.hash-pbkdf2-examples">
<h3 class="title">Examples</h3>
<p class="para">
<div class="example" id="example-835">
<p><strong>Example #1 <span class="function"><strong>hash_pbkdf2()</strong></span> example, basic usage</strong></p>
<div class="example-contents">
<div class="phpcode"><code><span style="color: #000000">
<span style="color: #0000BB"><?php<br />$password </span><span style="color: #007700">= </span><span style="color: #DD0000">"password"</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">$iterations </span><span style="color: #007700">= </span><span style="color: #0000BB">1000</span><span style="color: #007700">;<br /><br /></span><span style="color: #FF8000">// Generate a random IV using mcrypt_create_iv(),<br />// openssl_random_pseudo_bytes() or another suitable source of randomness<br /></span><span style="color: #0000BB">$salt </span><span style="color: #007700">= </span><span style="color: #0000BB">mcrypt_create_iv</span><span style="color: #007700">(</span><span style="color: #0000BB">16</span><span style="color: #007700">, </span><span style="color: #0000BB">MCRYPT_DEV_URANDOM</span><span style="color: #007700">);<br /><br /></span><span style="color: #0000BB">$hash </span><span style="color: #007700">= </span><span style="color: #0000BB">hash_pbkdf2</span><span style="color: #007700">(</span><span style="color: #DD0000">"sha256"</span><span style="color: #007700">, </span><span style="color: #0000BB">$password</span><span style="color: #007700">, </span><span style="color: #0000BB">$salt</span><span style="color: #007700">, </span><span style="color: #0000BB">$iterations</span><span style="color: #007700">, </span><span style="color: #0000BB">20</span><span style="color: #007700">);<br />echo </span><span style="color: #0000BB">$hash</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">?></span>
</span>
</code></div>
</div>
<div class="example-contents"><p>The above example will output
something similar to:</p></div>
<div class="example-contents screen">
<div class="cdata"><pre>
120fb6cffcf8b32c43e7
</pre></div>
</div>
</div>
</p>
</div>
<div class="refsect1 notes" id="refsect1-function.hash-pbkdf2-notes">
<h3 class="title">Notes</h3>
<div class="caution"><strong class="caution">Caution</strong>
<p class="para">
The PBKDF2 method can be used for hashing passwords for storage. However, it
should be noted that <span class="function"><a href="function.password-hash.html" class="function">password_hash()</a></span> or
<span class="function"><a href="function.crypt.html" class="function">crypt()</a></span> with <strong><code>CRYPT_BLOWFISH</code></strong> are
better suited for password storage.
</p>
</div>
</div>
<div class="refsect1 seealso" id="refsect1-function.hash-pbkdf2-seealso">
<h3 class="title">See Also</h3>
<p class="para">
<ul class="simplelist">
<li class="member"> <span class="function"><a href="function.crypt.html" class="function" rel="rdfs-seeAlso">crypt()</a> - One-way string hashing</span></li>
<li class="member"> <span class="function"><a href="function.password-hash.html" class="function" rel="rdfs-seeAlso">password_hash()</a> - Creates a password hash</span></li>
<li class="member"> <span class="function"><a href="function.hash.html" class="function" rel="rdfs-seeAlso">hash()</a> - Generate a hash value (message digest)</span></li>
<li class="member"> <span class="function"><a href="function.hash-algos.html" class="function" rel="rdfs-seeAlso">hash_algos()</a> - Return a list of registered hashing algorithms</span></li>
<li class="member"> <span class="function"><a href="function.hash-init.html" class="function" rel="rdfs-seeAlso">hash_init()</a> - Initialize an incremental hashing context</span></li>
<li class="member"> <span class="function"><a href="function.hash-hmac.html" class="function" rel="rdfs-seeAlso">hash_hmac()</a> - Generate a keyed hash value using the HMAC method</span></li>
<li class="member"> <span class="function"><a href="function.hash-hmac-file.html" class="function" rel="rdfs-seeAlso">hash_hmac_file()</a> - Generate a keyed hash value using the HMAC method and the contents of a given file</span></li>
</ul>
</p>
</div>
</div><hr /><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="function.hash-init.html">hash_init</a></div>
<div class="next" style="text-align: right; float: right;"><a href="function.hash-update-file.html">hash_update_file</a></div>
<div class="up"><a href="ref.hash.html">Hash Functions</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
