sodium_crypto_pwhash_str()
(PHP 7 >= 7.2.0)
Get an ASCII-encoded hash
说明
sodium_crypto_pwhash_str(string $password,int $opslimit,int $memlimit): string
Uses a CPU- and memory-hard hash algorithm along with a randomly-generated salt, and memory and CPU limits to generate an ASCII-encoded hash suitable for password storage.
参数
- $password
string; The password to generate a hash for.
- $opslimit
Represents a maximum amount of computations to perform. Raising this number will make the function require more CPU cycles to compute a key. There are constants available to set the operations limit to appropriate values depending on intended use, in order of strength:
SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE
,SODIUM_CRYPTO_PWHASH_OPSLIMIT_MODERATE
andSODIUM_CRYPTO_PWHASH_OPSLIMIT_SENSITIVE
.- $memlimit
The maximum amount of RAM that the function will use, in bytes. There are constants to help you choose an appropriate value, in order of size:
SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
,SODIUM_CRYPTO_PWHASH_MEMLIMIT_MODERATE
, andSODIUM_CRYPTO_PWHASH_MEMLIMIT_SENSITIVE
. Typically these should be paired with the matching opslimit values.
返回值
Returns the hashed password,或者在失败时返回FALSE
.
In order to produce the same password hash from the same password, the same values for$opslimitand$memlimitmust be used. These are embedded within the generated hash, so everything that's needed to verify the hash is included. This allows the sodium_crypto_pwhash_str_verify() function to verify the hash without needing separate storage for the other parameters.
注释
Note:Hashes are calculated using the Argon2ID algorithm, providing resistance to both GPU and side-channel attacks. In contrast to the password_hash() function, there is no salt parameter(a salt is generated automatically), and the$opslimitand$memlimitparameters are not optional.
范例
password_hash() example
<?php $password = 'password'; echo sodium_crypto_pwhash_str( $password, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE );
以上例程的输出类似于:
$argon2id$v=19$m=65536,t=2,p=1$oWIfdaXwWwhVmovOBc2NAQ$EbsZ+JnZyyavkafS0hoc4HdaOB0ILWZESAZ7kVGa+Iw
参见
sodium_crypto_pwhash_str_verify()
Verifies that a password matches a hashsodium_crypto_pwhash()
Derive a key from a passwordpassword_hash()
创建密码的散列(hash)password_verify()
验证密码是否和散列值匹配- » Libsodium Argon2 docs