openssl_pbkdf2

openssl_pbkdf2

Generates a PKCS5 v2 PBKDF2 string

 **openssl_pbkdf2** string $password string $salt int $key_length int $iterations string $digest_algo

computes PBKDF2 (Password-Based Key Derivation Function 2),

a key derivation function defined in PKCS5 v2. openssl_pbkdf2

passwordPassword from which the derived key is generated.

saltPBKDF2 recommends a crytographic salt of at least 128 bits (16 bytes).

key_lengthLength of desired output key.

iterations The number of iterations desired. . As of 2023, OWASP recommends 600,000 iterations for PBKDF2-HMAC-SHA256 and 210,000 for PBKDF2-HMAC-SHA512. NIST recommends at least 1,000

digest_algo Optional hash or digest algorithm from . Defaults to SHA-1. It is recommended to set it to SHA-256 or SHA-512. openssl_get_md_methods

Returns raw binary stringreturn.falseforfailure.

Voorbeeld: openssl_pbkdf2() example

<?php
$password = 'password';
$salt = openssl_random_pseudo_bytes(16);
$keyLength = 20;
$iterations = 600000;
$generated_key = openssl_pbkdf2($password, $salt, $keyLength, $iterations, 'sha256');
echo bin2hex($generated_key)."\n";
echo base64_encode($generated_key)."\n";
?>

hash_pbkdf2``openssl_get_md_methods