$t0 = microtime(true); for ($i = 0; $i < $imax; ++$i) { $tmp = Crypt2007::crypt_sha512($password, $count, $salt, false); } $t1 = microtime(true); print "crypt_sha512 php\t{$count}\t" . $imax / ($t1 - $t0) . " RPS\n"; $count = 5000; $t0 = microtime(true); for ($i = 0; $i < $imax; ++$i) { $tmp = Crypt2007::crypt_sha256($password, $count, $salt, true); } $t1 = microtime(true); print "crypt_sha256 native\t{$count}\t" . $imax / ($t1 - $t0) . " RPS\n"; $t0 = microtime(true); for ($i = 0; $i < $imax; ++$i) { $tmp = Crypt2007::crypt_sha256($password, $count, $salt, false); } $t1 = microtime(true); print "crypt_sha256 php\t{$count}\t" . $imax / ($t1 - $t0) . " RPS\n"; } // $hash_cost_log2 = 7; $hash_portable = false; $t0 = microtime(true); $hasher = new PasswordHash($hash_cost_log2, $hash_portable); for ($i = 0; $i < $imax; ++$i) { $hash = $hasher->HashPassword($password); } // $2a$ print "{$hash}\n"; $t1 = microtime(true);
function testValidate() { $expected = '$5$rounds=5000$saltstring$5B8vYYiY.CVt1RlTTf8KbXBH3hsxY/GNooZaBBGWEc5'; $actual = Crypt2007::crypt_sha256('Hello world!', 5000, 'saltstring', true); $this->assertEquals($expected, $actual); $this->assertTrue(Crypt2007::validate('Hello world!', $expected, true)); $this->assertFalse(Crypt2007::validate('Goodbye world!', $expected, true)); $this->assertTrue(Crypt2007::validate('Hello world!', $expected, false)); $this->assertFalse(Crypt2007::validate('Goodbye world!', $expected, false)); $expected = '$6$rounds=5000$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1'; $actual = Crypt2007::crypt_sha512('Hello world!', 5000, 'saltstring', true); $this->assertEquals($expected, $actual); $this->assertTrue(Crypt2007::validate('Hello world!', $expected, true)); $this->assertFalse(Crypt2007::validate('Goodbye world!', $expected, true)); $this->assertTrue(Crypt2007::validate('Hello world!', $expected, false)); $this->assertFalse(Crypt2007::validate('Goodbye world!', $expected, false)); // negative cases // unknown algorithm $expected = '$1$rounds=5000$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1'; $this->assertFalse(Crypt2007::validate('Hello world!', $expected, false)); // not enought '$' $expected = '$6$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1'; $this->assertFalse(Crypt2007::validate('Hello world!', $expected, false)); // rounds are too low $expected = '$6$round=999$saltstring$svn8UoSVapNtMuq1ukKS4tPQd8iKwSMHWjl/O817G3uBnIFNjnQJuesI68u4OTLiBFdcbYEdFCoEOfaS35inz1'; $this->assertFalse(Crypt2007::validate('Hello world!', $expected, false)); }