charlesportwoodii / php-argon2-ext
PHP7 extension for Argon2
License: Other
I read the documentation and it said to run a make bench test. I did that and it spit out a binary file. How am I supposed to determine the appropriate settings from that file?
https://tools.ietf.org/html/draft-irtf-cfrg-argon2-03#section-3.1
Argon2 provides the user with the ability to add a "secret value" or "key" to the hash, in addition to the already existing salt.
This can perfectly serve as a pepper for further securing the password against leaks (attacker gains access to database, SQL injection, whatever).
Salt should be compatible with php_password_make_salt without copy/paste from password.c + License exposure since php_password.h doesn't expose php_password_make_salt.
One thing that would totally be awesome would be having a side-function that just takes the parameters including a salt and outputs a key which then can be used for example to encrypt stuff, especially as the description notes it as a successor to PBKDF, which obviously is a KDF.
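The kind of side-function requested above, as an added example that is not part of php-argon2-ext or of the original post: it uses Argon2id from PHP's bundled sodium extension (PHP 7.2+) rather than this extension, and shows the derived key being used for encryption. The function names derive_key, encrypt_with_password and decrypt_with_password are hypothetical, and the sample plaintext and password are constructed.

```php
<?php
// Added example, not php-argon2-ext code: Argon2id as a KDF through PHP's
// sodium extension (PHP >= 7.2). All function names here are hypothetical.

/** Derive $length bytes of key material from a password and a 16-byte salt. */
function derive_key(string $password, string $salt, int $length): string
{
    if (strlen($salt) !== SODIUM_CRYPTO_PWHASH_SALTBYTES) {
        throw new InvalidArgumentException('salt must be 16 bytes');
    }
    return sodium_crypto_pwhash(
        $length, $password, $salt,
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13
    );
}

/** Output layout: salt || nonce || ciphertext. Salt and nonce are not secret. */
function encrypt_with_password(string $plaintext, string $password): string
{
    $salt  = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $key   = derive_key($password, $salt, SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
    $box   = sodium_crypto_secretbox($plaintext, $nonce, $key);
    sodium_memzero($key);               // wipe the derived key after use
    return $salt . $nonce . $box;
}

function decrypt_with_password(string $blob, string $password): string
{
    $saltLen  = SODIUM_CRYPTO_PWHASH_SALTBYTES;
    $nonceLen = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    if (strlen($blob) < $saltLen + $nonceLen + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        throw new InvalidArgumentException('blob too short');
    }
    $key   = derive_key($password, substr($blob, 0, $saltLen), SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
    $plain = sodium_crypto_secretbox_open(
        substr($blob, $saltLen + $nonceLen), substr($blob, $saltLen, $nonceLen), $key);
    sodium_memzero($key);
    if ($plain === false) {             // authentication tag did not verify
        throw new RuntimeException('wrong password or modified data');
    }
    return $plain;
}

$blob = encrypt_with_password('constructed sample secret', 'correct horse battery');
var_dump(decrypt_with_password($blob, 'correct horse battery'));
```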
BananaPi /w Bananian 16.04 r01 (kernel: 3.4.111-bananian)
PHP 5.6.30-0+deb8u1 (cli)
finishing "make" command after "./configure --with-argon2" without errors
getting error message:
/bin/bash /php-argon2-ext/libtool --mode=compile cc -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -I. -I/php-argon2-ext -DPHP_ATOM_INC -I~/php-argon2-ext/include -I~/php-argon2-ext/main -I~/php-argon2-ext -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I~/php-argon2-ext/ext/argon2/include -I~/php-argon2-ext/ext/argon2 -DHAVE_CONFIG_H -g -O2 -c /php-argon2-ext/argon2.c -o argon2.lo/php-argon2-ext -DPHP_ATOM_INC -l~/php-argon2-ext/include -I~/php-argon2-ext/main -I~/php-argon2-ext -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I~/php-argon2-ext/ext/argon2/include -I~/php-argon2-ext/ext/argon2 -DHAVE_CONFIG_H -g -O2 -c~/php-argon2-ext/argon2.c -fPIC -DPIC -o .libs/argon2.o
libtool: compile: cc -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -I. -I
~/php-argon2-ext/argon2.c:10:37: fatal error: ext/standard/php_random.h: No such file or directory
#include "ext/standard/php_random.h"
^
compilation terminated.
Makefile:181: recipe for target 'argon2.lo' failed
make: *** [argon2.lo] Error 1
following your build instructions step-by-step
Building without optimizations
cc -std=c89 -pthread -O3 -Wall -g -Iinclude -Isrc -Wextra -Wno-type-limits src/argon2.c src/core.c src/blake2/blake2b.c src/thread.c src/encoding.c src/ref.c src/test.c -o testcase
Default build
argon2i v=16: OK
argon2d v=16: OK
argon2id v=16: OK
argon2i v=19: OK
argon2d v=19: OK
argon2id v=19: OK
Force OPTTEST=1
argon2i v=16: OK
argon2d v=16: OK
argon2id v=16: OK
argon2i v=19: OK
argon2d v=19: OK
argon2id v=19: OK
./testcase
Test Argon2i version number: 10
Hash test: $v=16 t=2, m=16, p=1, pass=password, salt=somesalt: PASS
Hash test: $v=16 t=2, m=18, p=1, pass=password, salt=somesalt: PASS
Hash test: $v=16 t=2, m=8, p=1, pass=password, salt=somesalt: PASS
Hash test: $v=16 t=2, m=8, p=2, pass=password, salt=somesalt: PASS
Hash test: $v=16 t=1, m=16, p=1, pass=password, salt=somesalt: PASS
Hash test: $v=16 t=4, m=16, p=1, pass=password, salt=somesalt: PASS
Hash test: $v=16 t=2, m=16, p=1, pass=differentpassword, salt=somesalt: PASS
Hash test: $v=16 t=2, m=16, p=1, pass=password, salt=diffsalt: PASS
Recognise an invalid encoding: PASS
Recognise an invalid encoding: PASS
Recognise an invalid salt in encoding: PASS
Verify with mismatched password: PASS
Decode an error message: PASS
Test Argon2i version number: 13
Hash test: $v=19 t=2, m=16, p=1, pass=password, salt=somesalt: PASS
Hash test: $v=19 t=2, m=18, p=1, pass=password, salt=somesalt: PASS
Hash test: $v=19 t=2, m=8, p=1, pass=password, salt=somesalt: PASS
Hash test: $v=19 t=2, m=8, p=2, pass=password, salt=somesalt: PASS
Hash test: $v=19 t=1, m=16, p=1, pass=password, salt=somesalt: PASS
Hash test: $v=19 t=4, m=16, p=1, pass=password, salt=somesalt: PASS
Hash test: $v=19 t=2, m=16, p=1, pass=differentpassword, salt=somesalt: PASS
Hash test: $v=19 t=2, m=16, p=1, pass=password, salt=diffsalt: PASS
Recognise an invalid encoding: PASS
Recognise an invalid encoding: PASS
Recognise an invalid salt in encoding: PASS
Verify with mismatched password: PASS
Decode an error message: PASS
Common error state tests
Fail on invalid memory: PASS
Fail on invalid null pointer: PASS
Fail on salt too short: PASS
make test 247.39s user 14.19s system 99% cpu 4:23.55 total
I've already asked on Stack Overflow but figured this might be the right place to ask :)
https://stackoverflow.com/questions/65180567/argon2-php-vs-java-hash-len
Is there a specific reason why we don't have the option of setting a hash length in PHP?
macOS
Debian etc
php 7 - 8
Being able to set the argon2 hash length.
$options = [
    "memory_cost" => 1024,
    "time_cost" => 2,
    "threads" => 2
];
password_hash('password', PASSWORD_ARGON2I, $options);
There is no option for the hash length for example like in java or python etc:
import argon2, binascii

# The legacy helper functions take the password as bytes, not str
argon2.hash_password(
    b"password",
    memory_cost=512,
    time_cost=2,
    parallelism=2,
    hash_len=24
)
# Raw (unencoded) hash with an explicit salt and output length
hash = argon2.hash_password_raw(
    time_cost=16, memory_cost=2**15, parallelism=2, hash_len=32,
    password=b'password', salt=b'some salt', type=argon2.low_level.Type.ID)
print("Argon2 raw hash:", binascii.hexlify(hash))
# Encoded hash with a random salt
argon2Hasher = argon2.PasswordHasher(
    time_cost=16, memory_cost=2**15, parallelism=2, hash_len=32, salt_len=16)
hash = argon2Hasher.hash("password")
php + python kinda solves it.
Execute the code from above
PHP Password implementation
https://github.com/php/php-src/blob/5b01c4863fe9e4bc2702b2bbf66d292d23001a18/ext/standard/password.c
https://github.com/p-h-c/phc-winner-argon2
The argon2 hash has the option for a hash length, which defaults to 32.
Usage: ./argon2 [-h] salt [-i|-d|-id] [-t iterations] [-m memory] [-p parallelism] [-l hash length] [-e|-r] [-v (10|13)]
Password is read from stdin
Parameters:
salt The salt to use, at least 8 characters
-i Use Argon2i (this is the default)
-d Use Argon2d instead of Argon2i
-id Use Argon2id instead of Argon2i
-t N Sets the number of iterations to N (default = 3)
-m N Sets the memory usage of 2^N KiB (default 12)
-p N Sets parallelism to N threads (default 1)
-l N Sets hash output length to N bytes (default 32)
-e Output only encoded hash
-r Output only the raw bytes of the hash
-v (10|13) Argon2 version (defaults to the most recent version, currently 13)
-h Print argon2 usage
So any clue why there is no option for the php implementation?
Please add a function argon2_needs_rehash. Thanks
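Relating to the hash-length question and the argon2_needs_rehash request above, an added example (not code from php-argon2-ext or php-src) that reads the cost parameters and the output length out of an encoded hash and compares them with a target policy. It assumes the $argon2i$v=19$m=...,t=...,p=...$salt$hash layout of the reference encoder; the function names are hypothetical and the sample string, with an all-zero 24-byte tag, is constructed.

```php
<?php
// Added example, not php-argon2-ext code. Function names are hypothetical.

/** Parse an encoded Argon2 hash; returns null when the string is malformed. */
function parse_argon2_encoded(string $encoded): ?array
{
    $re = '~^\$(argon2(?:id|i|d))\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)'
        . '\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$~D';
    if (!preg_match($re, $encoded, $m)) {
        return null;
    }
    // Salt and tag are base64 without padding; strict mode rejects bad input.
    $salt = base64_decode($m[6], true);
    $tag  = base64_decode($m[7], true);
    if ($salt === false || $tag === false) {
        return null;
    }
    return [
        'type'        => $m[1],
        'version'     => (int) $m[2],
        'memory_cost' => (int) $m[3],   // KiB
        'time_cost'   => (int) $m[4],
        'threads'     => (int) $m[5],
        'salt_len'    => strlen($salt),
        'hash_len'    => strlen($tag),  // output length in bytes
    ];
}

/** True when the stored hash differs from the policy in any listed field. */
function needs_rehash_example(string $encoded, array $policy): bool
{
    $have = parse_argon2_encoded($encoded);
    if ($have === null) {
        return true;                    // unknown format: re-hash at next login
    }
    foreach ($policy as $field => $wanted) {
        if (!array_key_exists($field, $have) || $have[$field] !== $wanted) {
            return true;
        }
    }
    return false;
}

// Constructed sample: m=512, t=2, p=2 and a 24-byte tag, as in the Python call.
$stored = sprintf('$argon2i$v=19$m=512,t=2,p=2$%s$%s',
    rtrim(base64_encode('somesalt'), '='),
    rtrim(base64_encode(str_repeat("\0", 24)), '='));
$policy = ['type' => 'argon2i', 'memory_cost' => 1024, 'time_cost' => 2,
           'threads' => 2, 'hash_len' => 32];
var_dump(parse_argon2_encoded($stored), needs_rehash_example($stored, $policy));
```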