[转]php hash_pbkdf2 和 node.js crypto.pbkdf2
http://php.net/manual/en/function.hash-pbkdf2.php
http://php.net/manual/en/function.hash-pbkdf2.php
hash_pbkdf2
(PHP 5 >= 5.5.0, PHP 7)
hash_pbkdf2 — Generate a PBKDF2 key derivation of a supplied password
Description
$algo
, string $password
, string $salt
, int $iterations
[, int $length
= 0 [, bool$raw_output
= FALSE
]] )Parameters
algo
-
Name of selected hashing algorithm (i.e. md5, sha256, haval160,4, etc..) See hash_algos() for a list of supported algorithms.
password
-
The password to use for the derivation.
salt
-
The salt to use for the derivation. This value should be generated randomly.
iterations
-
The number of internal iterations to perform for the derivation.
length
-
The length of the output string. If
raw_output
isTRUE
this corresponds to the byte-length of the derived key, ifraw_output
isFALSE
this corresponds to twice the byte-length of the derived key (as every byte of the key is returned as two hexits).If 0 is passed, the entire output of the supplied algorithm is used.
raw_output
-
When set to
TRUE
, outputs raw binary data.FALSE
outputs lowercase hexits.
Return Values
Returns a string containing the derived key as lowercase hexits unless raw_output
is set to TRUE
in which case the raw binary representation of the derived key is returned.
Errors/Exceptions
An E_WARNING
will be raised if the algorithm is unknown, the iterations
parameter is less than or equal to 0, the length
is less than 0 or the salt
is too long (greater than INT_MAX
- 4).
Changelog
Version | Description |
---|---|
7.2.0 | Usage of non-cryptographic hash functions (adler32, crc32, crc32b, fnv132, fnv1a32, fnv164, fnv1a64, joaat) was disabled. |
Examples
Example #1 hash_pbkdf2() example, basic usage
<?php
$password = "password";
$iterations = 1000;
// Generate a random IV using openssl_random_pseudo_bytes()
// random_bytes() or another suitable source of randomness
$salt = openssl_random_pseudo_bytes(16);
$hash = hash_pbkdf2("sha256", $password, $salt, $iterations, 20);
echo $hash;
?>
The above example will output something similar to:
120fb6cffcf8b32c43e7
Notes
The PBKDF2 method can be used for hashing passwords for storage. However, it should be noted that password_hash() or crypt()with CRYPT_BLOWFISH
are better suited for password storage.
crypto.pbkdf2(password, salt, iterations, keylen, digest, callback)#
password
<string> | <Buffer> | <TypedArray> | <DataView>salt
<string> | <Buffer> | <TypedArray> | <DataView>iterations
<number>keylen
<number>digest
<string>callback
<Function>
Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2) implementation. A selected HMAC digest algorithm specified by digest
is applied to derive a key of the requested byte length (keylen
) from thepassword
, salt
and iterations
.
The supplied callback
function is called with two arguments: err
and derivedKey
. If an error occurs while deriving the key, err
will be set; otherwise err
will be null
. By default, the successfully generated derivedKey
will be passed to the callback as a Buffer
. An error will be thrown if any of the input arguments specify invalid values or types.
If digest
is null
, 'sha1'
will be used. This behavior is deprecated, please specify a digest
explicitely.
The iterations
argument must be a number set as high as possible. The higher the number of iterations, the more secure the derived key will be, but will take a longer amount of time to complete.
The salt
should be as unique as possible. It is recommended that a salt is random and at least 16 bytes long. See NIST SP 800-132 for details.
const crypto = require('crypto');
crypto.pbkdf2('secret', 'salt', 100000, 64, 'sha512', (err, derivedKey) => {
if (err) throw err;
console.log(derivedKey.toString('hex')); // '3745e48...08d59ae'
});
The crypto.DEFAULT_ENCODING
property can be used to change the way the derivedKey
is passed to the callback. This property, however, has been deprecated and use should be avoided.
const crypto = require('crypto');
crypto.DEFAULT_ENCODING = 'hex';
crypto.pbkdf2('secret', 'salt', 100000, 512, 'sha512', (err, derivedKey) => {
if (err) throw err;
console.log(derivedKey); // '3745e48...aa39b34'
});
An array of supported digest functions can be retrieved using crypto.getHashes()
.
Note that this API uses libuv's threadpool, which can have surprising and negative performance implications for some applications, see the UV_THREADPOOL_SIZE
documentation for more information.
[转]php hash_pbkdf2 和 node.js crypto.pbkdf2的更多相关文章
- Node.js crypto加密模块汇总
第一篇文章:MD5 和 SHA家族 概述:使用Node实现较为简单的Hash加密算法,本篇实际上重不在Hash加密,主要的还是为了引出crypto加密的三种方式 第二篇文章:HMAC 概述:密钥相关的 ...
- Node.js Crypto 加密算法库
Crypto库是随Nodejs内核一起打包发布的,主要提供了加密.解密.签名.验证等功能.Crypto利用OpenSSL库来实现它的加密技术,它提供OpenSSL中的一系列哈希方法,包括hmac.ci ...
- Node.js 内置模块crypto加密模块(4) Diffie Hellman
Diffie-Hellman( DH ):密钥交换协议/算法 ( Diffie-Hellman Key Exchange/Agreement Algorithm ) 百科摘录: Diffie-Hell ...
- 88.NODE.JS加密模块CRYPTO常用方法介绍
转自:https://www.jb51.net/article/50668.htm 使用require('crypto')调用加密模块. 加密模块需要底层系统提供OpenSSL的支持.它提供了一种安全 ...
- 记一次在node.js中使用crypto的createCipheriv方法进行加密时所遇到的坑
Node.js的crypto模块提供了一组包括对OpenSSL的哈希.HMAC.加密.解密.签名,以及验证等一整套功能的封装.具体的使用方法可以参考这篇文章中的描述:node.js_crypto模块. ...
- 转:Node.js软肋之CPU密集型任务
文章来自于:http://www.infoq.com/cn/articles/nodejs-weakness-cpu-intensive-tasks Node.js在官网上是这样定义的:“一个搭建在C ...
- Node.js 加密
稳定性: 2 - 不稳定; 正在讨论未来版本的 API 改进,会尽量减少重大变化.详见后文. 使用 require('crypto') 来访问这个模块. 加密模块提供了 HTTP 或 HTTPS 连接 ...
- Node.js:理解stream
Stream在node.js中是一个抽象的接口,基于EventEmitter,也是一种Buffer的高级封装,用来处理流数据.流模块便是提供各种API让我们可以很简单的使用Stream. 流分为四种类 ...
- Node.js API 初解读(二)
四. Cluster 1.简介 在介绍 Cluster 之前.我们需要知道 node的 一些基本特性,比如说 都知道的 nodejs最大的特点就是单进程.无阻塞运行,并且是异步事件驱动的. 那么随之而 ...
随机推荐
- github install
1.安装git依赖包 yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel gcc perl-ExtUti ...
- Django积木块11 —— 缓存
缓存 Django的缓存可以缓存视图中的函数,模版中的内容,和一些不长变化的数据. # setting CACHES = { 'default':{ 'BACKEND':'django.core.ca ...
- python 导入模块出错 ImportError: No module named 'request'
运行程序时报错 ImportError: No module named 'request' 1,第一种情况是真的没有安装requests这个模块,使用 sudo pip install reques ...
- [转]OpenContrail 体系架构文档
OpenContrail 体系架构文档 英文原文:http://opencontrail.org/opencontrail-architecture-documentation/ 翻译者:@KkBLu ...
- 3.CursorAdapter
会话页面 点击菜单时编辑的按钮显示,其余的时候gone ConversationUI public class ConversationUI extends Activity implements ...
- JavaScript使用浏览器内置XMLHttpRequest对象执行Ajax请求
所有现代浏览器均支持 XMLHttpRequest 对象(IE5 和 IE6 使用 ActiveXObject).XMLHttpRequest 用于在后台与服务器交换数据.这意味着可以在不重新加载整个 ...
- Python学习笔记【第三篇】:if判断、while循环、for循环
如果某些条件满足,才能做某件事情,而不满足时不允许做,这就是所谓的判断 不仅生活中有,在软件开发中“判断”功能也经常会用到 if判断语句 if 要判断的条件: 条件成立 num = 50 if num ...
- idea src下源文件和class编译文件不一致
今天遇到一个神奇BUG,一个和elasticsearch没有任何关系的项目,报错ES某个包找不到,刚开始以为是依赖了父项目的某个包,并且本项目主启动类ComponentScan扫描了相关的类进入Spr ...
- 机器学习入门03 - 降低损失 (Reducing Loss)
原文链接:https://developers.google.com/machine-learning/crash-course/reducing-loss/ 为了训练模型,需要一种可降低模型损失的好 ...
- vue中复选框全选与反选
html主要部分: <template v-for="(item, index) in checkboxList"> <input type="chec ...