Blowfish and XDES are adaptive hashing algorithms. MD5 is not. Adaptive
hashing algorithms are designed in such a way that when computers get
faster, you can tune the algorithm to be slower by increasing the number
of hash iterations, without introducing incompatibility with existing
passwords.

To pick an appropriate iteration count for adaptive algorithms, consider
that the original DES crypt was designed to have the speed of 4 hashes
per second on the hardware of that time. Slower than 4 hashes per second
would probably dampen usability. Faster than 100 hashes per second is
probably too fast. The defaults generate about 10 hashes per second
using a dual-core 2.2GHz CPU.

_Note 1_: this salt generator is different from naive salt implementations
(e.g. md5(microtime())) in that it uses all of the available bits of
entropy for the supplied salt method.

_Note 2_: this method should not be used to generate custom salts, because
the resulting salts are prefixed with information expected by PHP's
crypt(). To get an arbitrarily long, cryptographically strong salt
consisting of random sequences of alphanumeric characters, use
lithium\util\String::random() instead.

public static salt ( string $type = null, integer $count = null ) : string

- `$type` (string): The hash type. Optional. Defaults to the best available option. Supported values, along with their maximum password lengths, include:
  - `'bf'`: Blowfish (128 salt bits, max 72 chars)
  - `'xdes'`: XDES (24 salt bits, max 8 chars)
  - `'md5'`: MD5 (48 salt bits, unlimited length)
- `$count` (integer): Optional. The base-2 logarithm of the iteration count, for adaptive algorithms. Defaults to:
  - `10` for Blowfish
  - `18` for XDES
- return (string): The salt string.
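
The following is an added example, not code from Lithium or from the original page. It shows one way to choose the Blowfish `$count` for a particular host by measuring hashes per second against the 4 to 100 range discussed above, using only PHP built-ins (`crypt()`, `random_bytes()`, `hash_equals()`). The function names, sample passwords and the target of 10 hashes per second are assumptions; it requires PHP 7 or later.

```php
<?php
// Added example: function names, passwords and target rates are illustrative.

// Build a crypt()-style Blowfish salt: '$2y$', two-digit log2 count, '$', then
// 22 characters from [./0-9A-Za-z] derived from 16 random bytes (128 salt bits).
function bfSalt(int $count): string
{
    $raw = substr(base64_encode(random_bytes(16)), 0, 22);
    $cost = str_pad((string) $count, 2, '0', STR_PAD_LEFT);
    return '$2y$' . $cost . '$' . strtr($raw, '+', '.');
}

// Measure how many hashes per second this host computes at a given count.
function hashesPerSecond(int $count, int $samples = 3): float
{
    $start = microtime(true);
    for ($i = 0; $i < $samples; $i++) {
        // A valid Blowfish hash is 60 characters; failures return a short token.
        if (strlen(crypt('calibration-password', bfSalt($count))) !== 60) {
            throw new RuntimeException('crypt() rejected the Blowfish salt');
        }
    }
    return $samples / max(microtime(true) - $start, 1e-9);
}

// Raise the count until the rate falls to the target, but do not accept a
// setting slower than $floor hashes per second (the usability bound above).
function calibrate(float $target = 10.0, float $floor = 4.0): int
{
    for ($count = 4; $count < 31; $count++) {   // 4 is the lowest count bcrypt accepts
        $rate = hashesPerSecond($count);
        if ($rate <= $target) {
            return ($rate < $floor && $count > 4) ? $count - 1 : $count;
        }
    }
    return 31;
}

$count = calibrate();
printf("log2 count %d: %.1f hashes/second\n", $count, hashesPerSecond($count));

// A hash made at an older, cheaper count still verifies after the default is
// raised, because crypt() reads the count back from the stored hash's prefix.
$stored = crypt('s3cret', bfSalt(4));
var_dump(hash_equals($stored, crypt('s3cret', $stored)));
```

Each increment of the count doubles the work, so the measured rate roughly halves per step; rerun the calibration when hardware changes.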