ParagonIE\Halite\Password::needsRehash PHP Method

needsRehash() public static method

Is this password hash stale?
public static needsRehash ( string $stored, EncryptionKey $secretKey, string $level = KeyFactory::INTERACTIVE ) : boolean
$stored string Encrypted password hash
$secretKey EncryptionKey The master key for all passwords
$level string The security level for this password
return boolean Do we need to regenerate the hash or ciphertext?
    /**
     * Decide whether a stored, encrypted password hash should be regenerated.
     *
     * The stored value is decrypted with the supplied key. The recovered hash
     * string is then compared against the Argon2i prefix and against the exact
     * parameter header hard-coded for the requested level. Any mismatch,
     * including a $level that is not one of the three handled constants, is
     * reported as "needs rehash".
     *
     * @param string        $stored    Encrypted password hash
     * @param EncryptionKey $secretKey The master key for all passwords
     * @param string        $level     The security level for this password
     * @return bool Do we need to regenerate the hash or ciphertext?
     * @throws InvalidMessage If $stored is shorter than the minimum derived from its config.
     *                        Exceptions raised by Crypto::decrypt() are not caught here.
     */
    public static function needsRehash(string $stored, EncryptionKey $secretKey, string $level = KeyFactory::INTERACTIVE) : bool
    {
        $config = self::getConfig($stored);

        // Reject obviously truncated input before attempting any decryption.
        // NOTE(review): the 4/3 factor presumably reflects the size expansion of
        // the stored encoding; confirm against the config definition.
        $minimumLength = $config->SHORTEST_CIPHERTEXT_LENGTH * 4 / 3;
        if (Util::safeStrlen($stored) < $minimumLength) {
            throw new InvalidMessage('Encrypted password hash is too short.');
        }

        // Recover the inner password hash string; a decryption failure propagates to the caller.
        $plaintext = Crypto::decrypt($stored, $secretKey, $config->ENCODING);
        $hash_str = $plaintext->getString();

        // A hash that does not start with the libsodium password-hash prefix is always stale.
        $algorithmTag = Util::safeSubstr($hash_str, 0, 9);
        if (!\hash_equals($algorithmTag, \Sodium\CRYPTO_PWHASH_STRPREFIX)) {
            return true;
        }

        // Select the exact parameter header expected for the requested level.
        // The literals are compared byte-for-byte, so a hash whose header differs
        // in any way is reported as stale.
        switch ($level) {
            case KeyFactory::INTERACTIVE:
                $expectedHeader = '$argon2i$v=19$m=32768,t=4,p=1$';
                $headerLength = 30;
                break;
            case KeyFactory::MODERATE:
                $expectedHeader = '$argon2i$v=19$m=131072,t=6,p=1$';
                $headerLength = 31;
                break;
            case KeyFactory::SENSITIVE:
                $expectedHeader = '$argon2i$v=19$m=524288,t=8,p=1$';
                $headerLength = 31;
                break;
            default:
                // Unrecognised level: nothing to compare against, so report stale.
                return true;
        }

        $actualHeader = Util::safeSubstr($hash_str, 0, $headerLength);
        return !\hash_equals($expectedHeader, $actualHeader);
    }

Usage Example

Example #1
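 /**
  * needsRehash() must refuse ciphertexts it cannot accept and must report a
  * freshly created hash as current.
  *
  * Each rejection case fails explicitly when no exception is thrown. Without
  * that, a regression that lets the call return normally would skip the
  * catch block and the test would pass without asserting anything.
  */
 public function testRehash()
 {
     // Fixed, test-only key material (32 'A' bytes); never a pattern for real keys.
     $key = new EncryptionKey(new HiddenString(\str_repeat('A', 32)));
     try {
         // Sorry version 1, you get no love from us anymore.
         $legacyHash = '3142010064c0c42347b248372d9605621bd6e56e6ace8d2c6f6a3cf3d1a37a40' .
             '3f031b5be025f00763a92ffb47281065419663e972b1a8faa08ae34bd9fdb35b2ca7727f41' .
             'ca8edc75293d8f3bf12604ff4188d71473b605d48d1e378388465c6e4c733cae5f89802ebb' .
             '79ec6532b430a4799e545956113f116fa705e3ed2d7b17bb6dbf435f36a0f50dcb541adb82' .
             'a83f6d01ae66b2f4d46540161ba6cc37dbd0e870aed8334cb71f8162a9e7e7974396bdb1bc' .
             '4da5099423820b870e39a3ffe5';
         Password::needsRehash($legacyHash, $key);
         // Reaching this line means the legacy ciphertext was accepted.
         $this->fail('Expected InvalidMessage (Invalid version tag) was not thrown');
     } catch (\ParagonIE\Halite\Alerts\InvalidMessage $ex) {
         $this->assertSame('Invalid version tag', $ex->getMessage());
     }
     try {
         // Same body as above with a different leading header; expected to fail authentication.
         $legacyHash = '3142020164c0c42347b248372d9605621bd6e56e6ace8d2c6f6a3cf3d1a37a40' .
             '3f031b5be025f00763a92ffb47281065419663e972b1a8faa08ae34bd9fdb35b2ca7727f41' .
             'ca8edc75293d8f3bf12604ff4188d71473b605d48d1e378388465c6e4c733cae5f89802ebb' .
             '79ec6532b430a4799e545956113f116fa705e3ed2d7b17bb6dbf435f36a0f50dcb541adb82' .
             'a83f6d01ae66b2f4d46540161ba6cc37dbd0e870aed8334cb71f8162a9e7e7974396bdb1bc' .
             '4da5099423820b870e39a3ffe5';
         Password::needsRehash($legacyHash, $key);
         // Reaching this line means an unauthenticated ciphertext was accepted.
         $this->fail('Expected InvalidMessage (Invalid message authentication code) was not thrown');
     } catch (\ParagonIE\Halite\Alerts\InvalidMessage $ex) {
         $this->assertSame('Invalid message authentication code', $ex->getMessage());
     }
     // A hash produced now, checked at the default level, must not be flagged as stale.
     $hash = Password::hash(new HiddenString('test password'), $key);
     $this->assertFalse(Password::needsRehash($hash, $key));
 }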