password.inc
Version 1.9 (checked in on 2010/12/18 at 00:56:18 by dries)
Secure password hashing functions for user authentication.
Based on the Portable PHP password hashing framework.
See also
http://www.openwall.com/phpass/
An alternative or custom version of this password hashing API may be used by setting the variable password_inc to the name of the PHP file containing replacement user_hash_password(), user_check_password(), and user_needs_new_hash() functions.
Constants
| Name | Description |
|---|---|
| DRUPAL_HASH_COUNT | The standard log2 number of iterations for password stretching. This should increase by 1 every Drupal version in order to counteract increases in the speed and power of computers available to crack the hashes. |
| DRUPAL_HASH_LENGTH | The expected (and maximum) number of characters in a hashed password. |
| DRUPAL_MAX_HASH_COUNT | The maximum allowed log2 number of iterations for password stretching. |
| DRUPAL_MIN_HASH_COUNT | The minimum allowed log2 number of iterations for password stretching. |
Functions & methods
| Name | Description |
|---|---|
| user_check_password | Check whether a plain text password matches a stored hashed password. |
| user_hash_password | Hash a password using a secure hash. |
| user_needs_new_hash | Check whether a user's hashed password needs to be replaced with a new hash. |
| _password_base64_encode | Encode bytes into printable base 64 using the *nix standard from crypt(). |
| _password_crypt | Hash a password using a secure stretched hash. |
| _password_enforce_log2_boundaries | Ensures that $count_log2 is within set bounds. |
| _password_generate_salt | Generates a random base 64-encoded salt prefixed with settings for the hash. |
| _password_get_count_log2 | Parse the log2 iteration count from a stored hash or setting string. |
| _password_itoa64 | Returns a string for mapping an int to the corresponding base 64 character. |
It's full of delicious functions!
