Proposal for "Crypt_FSHP"

» Metadata » Status
  • Category: Encryption
  • Proposer: Berk D. Demir 
  • License: BSD Style
  • Status: Proposed
» Description
/**
* Fairly Secure Hashed Passwords. A PBKDF1-like implementation.
*
* Fairly Secure Hashed Password (FSHP) is a salted, iteratively hashed
* password hashing implementation.
*
* The design principle is similar to the PBKDF1 specification in RFC 2898
* (a.k.a. PKCS #5: Password-Based Cryptography Specification Version 2.0).
*
* FSHP allows choosing the salt length, number of iterations and the
* underlying cryptographic hash function among SHA-1 and SHA-2 (256, 384, 512).
*
* SECURITY:
* Default FSHP1 uses 8 byte salts, with 4096 iterations of SHA-256 hashing.
* - An 8 byte salt renders rainbow table attacks impractical by multiplying
* the required space by 2^64.
* - 4096 iterations make brute force attacks fairly expensive.
* - There are no known attacks against SHA-256 to find collisions with
* a computational effort of fewer than 2^128 operations at the time of
* this release.
*
* BASIC OPERATION:
* <code>
* $fsh = Crypt_FSHP::crypt('OrpheanBeholderScryDoubt');
* </code>
* <samp>
* Return Value:
* {FSHP1|8|4096}GVSUFDAjdh0vBosn1GUhzGLHP7BmkbCZVH/3TQqGIjADXpc+6NCg3g==
* </samp>
* <code>
* Crypt_FSHP::check('OrpheanBeholderScryDoubt', $fsh);
* </code>
* <samp>
* Return Value:
* true
* </samp>
*
* CUSTOMIZING THE CRYPT:
* Let's set a higher password storage security baseline.
* - Increase the salt length from default 8 to 16.
* - Increase the hash rounds from default 4096 to 8192.
* - Select FSHP3 with SHA-512 as the underlying hash algorithm.
*
* <code>
* Crypt_FSHP::crypt('ExecuteOrder66', null, 16, 8192, 3);
* </code>
* <samp>
* Return Value:
* {FSHP3|16|8192}0aY7rZQ+/PR+Rd5/I9ssRM7cjguyT8ibypNaSp/.....wyJJa2EqOsq4Io=
* </samp>
*
* PHP version 5
*
* @category Encryption
* @package Crypt_FSHP
* @author Berk D. Demir <bdd@mindcast.org>
* @license http://creativecommons.org/licenses/publicdomain/ Public Domain
* Author(s) of this computer software disclaim their respective
* copyright on the source code and related documentation, thus
* releasing their work to Public Domain.
* In case you are forced by your lawyer to get a copyright license,
* you may contact any of the authors to get this software
* (and its related documentation) with a BSD type license.
* @version Release: @release_version@
* @link http://github.com/bdd/fshp/ Git Repository
* @link http://pear.php.net/package/Crypt_FSHP/ PEAR
* @since File available since Release 0.2.2
*/
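The stored-string format shown in the docblock above, worked through in Python. This is an added sketch, not the proposed PHP package's code. It assumes the digest is H(salt + password) re-hashed until the round count is reached, that the base64 payload is salt followed by digest, and that FSHP0 and FSHP2 map to SHA-1 and SHA-384. `derive`, `parse` and `below_baseline` are hypothetical names.

```python
import base64, hashlib, hmac, os, re

# FSHP1 = SHA-256 and FSHP3 = SHA-512 come from the page; FSHP0 = SHA-1 and
# FSHP2 = SHA-384 are assumed from the list of supported hash functions.
VARIANTS = {0: "sha1", 1: "sha256", 2: "sha384", 3: "sha512"}
HEADER = re.compile(r"^\{FSHP([0-9]+)\|([0-9]+)\|([0-9]+)\}(.+)$")


def derive(password, salt, rounds, variant):
    # Assumed layout: H(salt + password), then re-hash until `rounds` hashes ran.
    algo = VARIANTS[variant]
    digest = hashlib.new(algo, salt + password.encode("utf-8")).digest()
    for _ in range(rounds - 1):
        digest = hashlib.new(algo, digest).digest()
    return digest


def parse(stored):
    """Split '{FSHPv|saltlen|rounds}base64' into (variant, salt, rounds, digest)."""
    m = HEADER.match(stored)
    if not m:
        raise ValueError("not an FSHP string")
    variant, saltlen, rounds = (int(g) for g in m.groups()[:3])
    if variant not in VARIANTS or rounds < 1:
        raise ValueError("unsupported variant or round count")
    blob = base64.b64decode(m.group(4), validate=True)  # assumed: salt + digest
    if len(blob) != saltlen + hashlib.new(VARIANTS[variant]).digest_size:
        raise ValueError("payload length does not match the header")
    return variant, blob[:saltlen], rounds, blob[saltlen:]


def crypt(password, saltlen=8, rounds=4096, variant=1):
    salt = os.urandom(saltlen)
    payload = base64.b64encode(salt + derive(password, salt, rounds, variant))
    return "{FSHP%d|%d|%d}%s" % (variant, saltlen, rounds, payload.decode("ascii"))


def check(password, stored):
    # Recompute with the parameters carried in the string; constant-time compare.
    variant, salt, rounds, digest = parse(stored)
    return hmac.compare_digest(derive(password, salt, rounds, variant), digest)


def below_baseline(stored, min_saltlen=8, min_rounds=4096, min_variant=1):
    """True when a stored hash is weaker than the page's default parameters."""
    variant, salt, rounds, _ = parse(stored)
    return variant < min_variant or len(salt) < min_saltlen or rounds < min_rounds
```

Because the parameters travel inside each stored string, `below_baseline` can be run over an existing password table to find entries that should be re-hashed at the next successful login.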
» Dependencies » Links
  • PEAR/Exception.php
  • PHP 5.1.2
» Timeline » Changelog
  • First Draft: 2009-02-24
  • Proposal: 2009-02-24
  • Call for Votes: 1970-01-01
  • Voting Extended: 1970-01-01