MIT Licensed - feel free to use to enhance the security of any of your PHP projects

Wraps Bcrypt-SHA256 in Authenticated Encryption. Published by Paragon Initiative Enteprises. Check out our other open source projects too.

Depends on defuse/php-encryption for authenticated symmetric-key encryption

Peppering strategies are usually accomplished through a keyed hash function (e.g. HMAC-SHA256) and applies to the password before it's passed to the salted hash API (i.e. bcrypt). If your pepper/HMAC key is ever compromised, you have to reset every user's password and it becomes a headache.

A hash then encrypt strategy offers agility; if your secret key is compromised (but, miraculously, the hashes are not), you can decrypt all of your users' hashes then re-encrypt them with a new key and they'll never suffer the inconvenience of an unscheduled password reset.

• You don't have to worry about the 72 character limit for bcrypt
• You don't have to worry about accidentally creating a null-byte truncation vulnerability
• If your database gets hacked, and your database is on a separate machine from your webserver, the attacker has to first decrypt the hashes before attempting to crack any of them.

Here's a proof-of-concept for the first two points.

But realistically, this library is only about as a secure as bcrypt.

use \ParagonIE\PasswordLock\PasswordLock;

$key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F";
$storeMe = PasswordLock::hashAndEncrypt($_POST['password'], $key);

if (PasswordLock::decryptAndVerify($_POST['password'], $storeMe, $key)) {
    // Success!
}

$newKey = "\xFF\xFE\xFD\xFC\xFB\xFA\xF9\xF8\xF7\xF6\xF5\xF4\xF3\xF2\xF1\xF0";
$newHash = PasswordLock::rotateKey($storeMe, $key, $newKey);