/**
* Hash then encrypt a password
*
* @param string $password - The user's password
* @param EncryptionKey $secret_key - The master key for all passwords
* @return string
*/
public static function hash(string $password, EncryptionKey $secret_key) : string
{
// First, let's calculate the hash
$hashed = \Sodium\crypto_pwhash_str($password, \Sodium\CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, \Sodium\CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
// Now let's encrypt the result
return Crypto::encrypt($hashed, $secret_key);
}
/**
* Hash then encrypt a password
*
* @param HiddenString $password The user's password
* @param EncryptionKey $secretKey The master key for all passwords
* @param string $level The security level for this password
* @return string An encrypted hash to store
*/
public static function hash(HiddenString $password, EncryptionKey $secretKey, string $level = KeyFactory::INTERACTIVE) : string
{
$kdfLimits = KeyFactory::getSecurityLevels($level);
// First, let's calculate the hash
$hashed = \Sodium\crypto_pwhash_str($password->getString(), $kdfLimits[0], $kdfLimits[1]);
// Now let's encrypt the result
return Crypto::encrypt(new HiddenString($hashed), $secretKey);
}