English
English
string hash_pbkdf2 (
string $algo,
string $password,
string $salt,
int $iterations,
int $length = 0,
bool $raw_output = false
)
$algo : Specifies the hashing algorithm used, such as sha256 , sha1 , etc. It must be an algorithm supported by PHP.
$password : original password or key.
$salt : Random salt value to prevent the same password from generating the same hash.
$iterations : The number of iterations, the greater the security, the higher the performance consumption.
$length : The output key length, default 0 represents the default length of the output hash algorithm.
$raw_output : Whether to output binary format, default false to output hexadecimal string.
hash_pbkdf2('sha999', 'password', 'salt', 1000);
Cause of error: sha999 is not a valid algorithm, the call will fail or a warning will be thrown.
Solution : Call hash_algos() to get the list of supported algorithms and select the correct algorithm.
hash_pbkdf2('sha256', 'password', 'salt', 0);
Cause of error: The number of iterations must be a positive integer, 0 or negative numbers are invalid, which may cause extremely low security.
Solution : The number of iterations should be set to at least 1000, and the specific value should be adjusted according to the application security requirements.
hash_pbkdf2('sha256', 'password', 'salt', 1000, 99999);
Cause of error: An overly large length request may result in an empty string or performance bottleneck.
Solution : The general output length is recommended not to exceed several times the maximum output length of the hash algorithm. Commonly, if the output length of sha256 is 32 bytes, it should be reasonable when setting $length .
hash_pbkdf2('sha256', 'password', 'salt', 1000, 64, 'true');
Cause of error: $raw_output should be a boolean value, passing in a string will cause a type warning or will not meet the expected output format.
Workaround : explicitly pass in true or false boolean type.
$algos = hash_algos();
print_r($algos);
Check which hash algorithms are supported in the current PHP environment to avoid parameter errors.
Print the parameters before calling and confirm that the parameter value is correct.
$algo = 'sha256';
$password = 'myPassword';
$salt = 'randomSalt';
$iterations = 1000;
$length = 64;
var_dump($algo, $password, $salt, $iterations, $length);
$key = hash_pbkdf2($algo, $password, $salt, $iterations, $length, false);
echo $key;
Observe the time spent after the number of iterations set through the timing function to find the balance point between safety and performance.
$start = microtime(true);
hash_pbkdf2('sha256', 'password', 'salt', 10000);
$end = microtime(true);
echo "time consuming:" . ($end - $start) . "Second";
Confirm whether the output results meet the expected length and format (hexadecimal or binary).
$algo = 'sha256';
$password = 'user_password';
$salt = 'unique_salt_value';
$iterations = 10000;
$length = 64; // 64Hexadecimal characters,equal32byte
$raw_output = false;
$derived_key = hash_pbkdf2($algo, $password, $salt, $iterations, $length, $raw_output);
echo "Derived key:" . $derived_key;
Note that the salt here must be unique and random, with reasonable number of iterations and the algorithm exists.
When using hash_pbkdf2 , be sure to confirm that the hash algorithm is valid.
The number of iterations should be set reasonably to ensure safety and performance.
The output length and format parameters must be in line with expectations.
During debugging, hash_algos() , var_dump and timing functions can be used to assist in positioning problems.
Mastering these can help you avoid safety hazards and program abnormalities caused by parameter errors.
