Airship\Engine\Security\Migration\WordPress::wordPressCryptPrivate PHP Method

WordPress Class Documentation Show file Open project: paragonie/airship

wordPressCryptPrivate() private method

The actual security of CMS Airship doesn't depend on this algorithm.

private wordPressCryptPrivate ( HiddenString $password, string $setting ) : string
$password	Airship\Engine\Security\HiddenString
$setting	string
return	string

    private function wordPressCryptPrivate(HiddenString $password, string $setting) : string
    {
        $output = '*0';
        if (Binary::safeSubstr($setting, 0, 2) === $output) {
            $output = '*1';
        }
        $id = Binary::safeSubstr($setting, 0, 3);
        if ($id !== '$P$' && $id !== '$H$') {
            return $output;
        }
        // This is a really weird way to encode iteration count.
        $count_log2 = \strpos($this->itoa64, $setting[3]);
        if ($count_log2 < 7 || $count_log2 > 30) {
            return $output;
        }
        $count = 1 << $count_log2;
        $salt = Binary::safeSubstr($setting, 4, 8);
        if (Binary::safeStrlen($salt) !== 8) {
            return $output;
        }
        // And now we do our (default 8192) rounds of MD5...
        $hash = \md5($salt . $password->getString(), true);
        do {
            $hash = \md5($hash . $password->getString(), true);
        } while (--$count);
        $output = Binary::safeSubstr($setting, 0, 12);
        $output .= $this->encode64($hash, 16);
        return $output;
    }

WordPress

encode64

getHashWithMetadata

setPasswordKey

validate

wordPressCryptPrivate