sigmasternchen/php-doc-en
1
0
Fork 0
mirror of https://github.com/sigmasternchen/php-doc-en synced 2025-03-15 16:38:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

openssl_pbkf2 commit, removing bad ciphers from get cipher methods example

Browse source 
https://bugs.php.net/bug.php?id=71817


git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@343015 c90b9560-bf6c-de11-be94-00142212c4b1
This commit is contained in:
Mark Jones 2017-09-06 20:12:11 +00:00
parent 8fdb77c603
commit dfb5e6fa03
3 changed files with 58 additions and 81 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
reference/hash/functions/hash-pbkdf2.xml
View file

@ -140,9 +140,9 @@
$password = "password";
$iterations = 1000;
// Generate a random IV using mcrypt_create_iv(),
// openssl_random_pseudo_bytes() or another suitable source of randomness
$salt = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
// Generate a random IV using openssl_random_pseudo_bytes()
// random_bytes() or another suitable source of randomness
$salt = openssl_random_pseudo_bytes(16);
$hash = hash_pbkdf2("sha256", $password, $salt, $iterations, 20);
echo $hash;
@ -182,6 +182,7 @@ echo $hash;
<member><function>hash_init</function></member>
<member><function>hash_hmac</function></member>
<member><function>hash_hmac_file</function></member>
<member><function>openssl_pbkdf2</function></member>
</simplelist>
</para>
</refsect1>

79
reference/openssl/functions/openssl-get-cipher-methods.xml
View file

@ -59,10 +59,19 @@ $ciphers = openssl_get_cipher_methods();
$ciphers_and_aliases = openssl_get_cipher_methods(true);
$cipher_aliases = array_diff($ciphers_and_aliases, $ciphers);
//ECB mode should be avoided
$ciphers = array_filter( $ciphers, function($n) { return stripos($n,"ecb")===FALSE; } );
//At least as early as Aug 2016, Openssl declared the following weak: RC2, RC4, DES, 3DES, MD5 based
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"des")===FALSE; } );
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"rc2")===FALSE; } );
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"rc4")===FALSE; } );
$ciphers = array_filter( $ciphers, function($c) { return stripos($c,"md5")===FALSE; } );
$cipher_aliases = array_filter( $cipher_aliases, function($c) { return stripos($c,"des")===FALSE; } );
$cipher_aliases = array_filter( $cipher_aliases, function($c) { return stripos($c,"rc2")===FALSE; } );
print_r($ciphers);
print_r($cipher_aliases);
?>
]]>
</programlisting>
@ -75,108 +84,50 @@ Array
[1] => AES-128-CFB
[2] => AES-128-CFB1
[3] => AES-128-CFB8
[4] => AES-128-ECB
[5] => AES-128-OFB
[6] => AES-192-CBC
[7] => AES-192-CFB
[8] => AES-192-CFB1
[9] => AES-192-CFB8
[10] => AES-192-ECB
[11] => AES-192-OFB
[12] => AES-256-CBC
[13] => AES-256-CFB
[14] => AES-256-CFB1
[15] => AES-256-CFB8
[16] => AES-256-ECB
[17] => AES-256-OFB
[18] => BF-CBC
[19] => BF-CFB
[20] => BF-ECB
[21] => BF-OFB
[22] => CAST5-CBC
[23] => CAST5-CFB
[24] => CAST5-ECB
[25] => CAST5-OFB
[26] => DES-CBC
[27] => DES-CFB
[28] => DES-CFB1
[29] => DES-CFB8
[30] => DES-ECB
[31] => DES-EDE
[32] => DES-EDE-CBC
[33] => DES-EDE-CFB
[34] => DES-EDE-OFB
[35] => DES-EDE3
[36] => DES-EDE3-CBC
[37] => DES-EDE3-CFB
[38] => DES-EDE3-OFB
[39] => DES-OFB
[40] => DESX-CBC
[41] => IDEA-CBC
[42] => IDEA-CFB
[43] => IDEA-ECB
[44] => IDEA-OFB
[45] => RC2-40-CBC
[46] => RC2-64-CBC
[47] => RC2-CBC
[48] => RC2-CFB
[49] => RC2-ECB
[50] => RC2-OFB
[51] => RC4
[52] => RC4-40
[53] => aes-128-cbc
[54] => aes-128-cfb
[55] => aes-128-cfb1
[56] => aes-128-cfb8
[57] => aes-128-ecb
[58] => aes-128-ofb
[59] => aes-192-cbc
[60] => aes-192-cfb
[61] => aes-192-cfb1
[62] => aes-192-cfb8
[63] => aes-192-ecb
[64] => aes-192-ofb
[65] => aes-256-cbc
[66] => aes-256-cfb
[67] => aes-256-cfb1
[68] => aes-256-cfb8
[69] => aes-256-ecb
[70] => aes-256-ofb
[71] => bf-cbc
[72] => bf-cfb
[73] => bf-ecb
[74] => bf-ofb
[75] => cast5-cbc
[76] => cast5-cfb
[77] => cast5-ecb
[78] => cast5-ofb
[79] => des-cbc
[80] => des-cfb
[81] => des-cfb1
[82] => des-cfb8
[83] => des-ecb
[84] => des-ede
[85] => des-ede-cbc
[86] => des-ede-cfb
[87] => des-ede-ofb
[88] => des-ede3
[89] => des-ede3-cbc
[90] => des-ede3-cfb
[91] => des-ede3-ofb
[92] => des-ofb
[93] => desx-cbc
[94] => idea-cbc
[95] => idea-cfb
[96] => idea-ecb
[97] => idea-ofb
[98] => rc2-40-cbc
[99] => rc2-64-cbc
[100] => rc2-cbc
[101] => rc2-cfb
[102] => rc2-ecb
[103] => rc2-ofb
[104] => rc4
[105] => rc4-40
)
Array
(
@ -186,11 +137,7 @@ Array
[21] => BF
[26] => CAST
[27] => CAST-cbc
[32] => DES
[47] => DES3
[48] => DESX
[50] => IDEA
[55] => RC2
[82] => aes128
[83] => aes192
[84] => aes256
@ -198,11 +145,7 @@ Array
[90] => blowfish
[91] => cast
[92] => cast-cbc
[97] => des
[112] => des3
[113] => desx
[115] => idea
[120] => rc2
)
]]>

53
reference/openssl/functions/openssl-pbkdf2.xml
View file

@ -4,7 +4,7 @@
<refentry xml:id="function.openssl-pbkdf2" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
<refnamediv>
<refname>openssl_pbkdf2</refname>
<refpurpose>Generates a PKCS5 v2 PBKDF2 string, defaults to SHA-1</refpurpose>
<refpurpose>Generates a PKCS5 v2 PBKDF2 string</refpurpose>
</refnamediv>
<refsect1 role="description">
@ -18,11 +18,10 @@
<methodparam choice="opt"><type>string</type><parameter>digest_algorithm</parameter></methodparam>
</methodsynopsis>
<para>
<function>openssl_pbkdf2</function> computes PBKDF2 (Password-Based Key Derivation Function 2),
a key derivation function defined in PKCS5 v2.
</para>
&warn.undocumented.func;
</refsect1>
<refsect1 role="parameters">
@ -32,7 +31,7 @@
<term><parameter>password</parameter></term>
<listitem>
<para>
Password from which the derived key is generated.
</para>
</listitem>
</varlistentry>
@ -40,7 +39,7 @@
<term><parameter>salt</parameter></term>
<listitem>
<para>
PBKDF2 recommends a crytographic salt of at least 64 bits (8 bytes).
</para>
</listitem>
</varlistentry>
@ -48,7 +47,7 @@
<term><parameter>key_length</parameter></term>
<listitem>
<para>
Length of desired output key.
</para>
</listitem>
</varlistentry>
@ -56,7 +55,9 @@
<term><parameter>iterations</parameter></term>
<listitem>
<para>
The number of iterations desired. <link
xlink:href="https://pages.nist.gov/800-63-3/sp800-63b.html#sec5">NIST
recommends at least 10,000</link>.
</para>
</listitem>
</varlistentry>
@ -64,7 +65,7 @@
<term><parameter>digest_algorithm</parameter></term>
<listitem>
<para>
Optional hash or digest algorithm from <function>openssl_get_md_methods</function>. Defaults to SHA-1.
</para>
</listitem>
</varlistentry>
@ -74,10 +75,42 @@
<refsect1 role="returnvalues">
&reftitle.returnvalues;
<para>
Returns string&return.falseforfailure;.
Returns raw binary string&return.falseforfailure;.
</para>
</refsect1>
<refsect1 role="examples">
&reftitle.examples;
<para>
<example>
<title>openssl_pbkdf2() example</title>
<programlisting role="php">
<![CDATA[
<?php
$password = 'yOuR-pAs5w0rd-hERe';
$salt = openssl_random_pseudo_bytes(12);
$keyLength = 40;
$iterations = 10000;
$generated_key = openssl_pbkdf2($password, $salt, $keyLength, $iterations, 'sha256');
echo bin2hex($generated_key)."\n";
echo base64_encode($generated_key)."\n";
?>
]]>
</programlisting>
</example>
</para>
</refsect1>
<refsect1 role="seealso">
&reftitle.seealso;
<para>
<simplelist>
<member><function>hash_pbkdf2</function></member>
<member><function>openssl_get_md_methods</function></member>
</simplelist>
</para>
</refsect1>
</refentry>