PHP - Hash pbkdf2() Function
Definition and Usage
The hash_pbkdf2() function returns PBKDF2 key derivation for the given password.
The PBKDF2 stands for Password-Based Key Derivation Function 2. The PBKDF2 key derivation function makes use of pseudorandom function, such as hash-based message authentication code (HMAC) that is applied to the given password or message along with the salt and the process is iterated multiple times to get the key. It is mainly used to hash password and the PBKDF2 key derivation function is designed in such a way that it becomes difficult for the attacker to guess the original password hashed.
Syntax
hash_pbkdf2 ( string $algo , string $password , string $salt , int $iterations [ , int $length = 0 [, bool $raw_output = FALSE ] ] ) : string
Parameters
| Sr.No | Parameter & Description |
|---|---|
| 1 |
algo Name of the hashing algorithm. There is a big list of algorithm available with hash, some important ones are md5, sha256, etc. To get the full list of algorithms supported, check for hash_algos() |
| 2 |
password Password for which you need to generate PBKDF2 key derivation. |
| 3 |
salt The salt you want to use to derive the PBKDF2 key derivation. |
| 4 |
iterations The internal interations to be performed to get to the final derivation. |
| 5 |
length The final PBKDF2 key derivation length. If raw_output is TRUE, the derived key corresponds to the byte-length, if raw_output is FALSE, it will be twice the byte-length of the derived key |
| 6 |
raw_output If the raw_output is false, the output will be a string with lowercase hexits, if TRUE the output will be raw binary data. |
Return Values
The hash_pbkdf2() returns a string that has the derived key as lowercase hexits, if raw_output is false and if raw_output is set to TRUE the string will be raw binary representation of the derived key.
PHP Version
This function will work from PHP Version greater than 5.5.0.
Example 1
Using hash_pbkdf2() −
<?php
$password = "mypassword";
$iterations = 500;
$salt = 'testingkey';
$pbkdf2_hash = hash_pbkdf2("md5", $password, $salt, $iterations, 25);
echo $pbkdf2_hash;
?>
Output
This will produce the following result −
cb0130970bb39f6a95d193934
Example 2
Using hash_pbkdf2() with 1000 iterations −
<?php
$password = "mypassword";
$iterations = 1000;
$salt = openssl_random_pseudo_bytes(10); //generates pseudo-random string of bytes
$pbkdf2_hash = hash_pbkdf2("sha256", $password, $salt, $iterations, 10);
echo $pbkdf2_hash;
?>
Output
This will produce the following result −
0c31d20aa2
Example 3
Using hash_pbkdf2() with raw_output as true −
<?php
$password = "mypassword";
$iterations = 1000;
$salt = openssl_random_pseudo_bytes(10); //generates pseudo-random string of bytes
$pbkdf2_hash = hash_pbkdf2("sha256", $password, $salt, $iterations, 10, true);
echo $pbkdf2_hash;
?>
Example 4
Using hash_pbkdf2() with raw_output as true −
In the example will make use of base64_encode() PHP function that will convert the raw binary output from hash_pbkdf2() into a reabable string.
<?php
echo base64_encode(
hash_pbkdf2("sha256", 'passwordtest', openssl_random_pseudo_bytes(10), 5000, 10, true)
);
?>
Output
This will produce the following result −
2FogGKtZxmt4iQ==