salt() публичный статический Метод

Blowfish and XDES are adaptive hashing algorithms. MD5 is not. Adaptive hashing algorithms are designed in such a way that when computers get faster, you can tune the algorithm to be slower by increasing the number of hash iterations, without introducing incompatibility with existing passwords. To pick an appropriate iteration count for adaptive algorithms, consider that the original DES crypt was designed to have the speed of 4 hashes per second on the hardware of that time. Slower than 4 hashes per second would probably dampen usability. Faster than 100 hashes per second is probably too fast. The defaults generate about 10 hashes per second using a dual-core 2.2GHz CPU. _Note 1_: this salt generator is different from naive salt implementations (e.g. md5(microtime())) in that it uses all of the available bits of entropy for the supplied salt method. _Note2_: this method should not be use to generate custom salts. Indeed, the resulting salts are prefixed with information expected by PHP's crypt(). To get an arbitrarily long, cryptographically strong salt consisting in random sequences of alpha numeric characters, use lithium\util\String::random() instead.
См. также: lithium\security\Password::hash()
См. также: lithium\security\Password::check()
См. также: lithium\util\String::random()
См. ссылку: http://php.net/function.crypt.php
См. ссылку: http://www.postgresql.org/docs/9.0/static/pgcrypto.html
public static salt ( string $type = null, integer $count = null ) : string
$type string The hash type. Optional. Defaults to the best available option. Supported values, along with their maximum password lengths, include: - `'bf'`: Blowfish (128 salt bits, max 72 chars) - `'xdes'`: XDES (24 salt bits, max 8 chars) - `'md5'`: MD5 (48 salt bits, unlimited length)
$count integer Optional. The base-2 logarithm of the iteration count, for adaptive algorithms. Defaults to: - `10` for Blowfish - `18` for XDES
Результат string The salt string.
Документация по классу Password
Пример #1
0
 /**
  * testPasswordMaxLength method
  */
 public function testPasswordMaxLength()
 {
     foreach (array('bf' => 72) as $method => $length) {
         $salt = Password::salt($method);
         $pass = str_repeat('a', $length);
         $this->assertIdentical(Password::hash($pass, $salt), Password::hash($pass . 'a', $salt));
     }
 }
Пример #2
0
 /**
  * Tests salting passwords with the MD5 algorithm.
  */
 public function testSaltMD5()
 {
     $this->skipIf(!CRYPT_MD5, 'MD5 is not supported.');
     $saltPattern = "{^\\\$1\\\$[0-9A-Za-z./]{8}\$}";
     $hashPattern = "{^\\\$1\\\$[0-9A-Za-z./]{8}\\\$[0-9A-Za-z./]{22}\$}";
     $salt = Password::salt('md5', null);
     $this->assertPattern($saltPattern, $salt);
     $this->assertNotEqual($salt, Password::salt('md5', null));
     $hash = Password::hash($this->_password, $salt);
     $hash2 = Password::hash($this->_password, Password::salt('md5', null));
     $this->assertPattern($hashPattern, $hash);
     $this->assertNotEqual($hash, $hash2);
 }