protected function PhpassHashedPassword::generateSalt

Generates a random base 64-encoded salt prefixed with settings for the hash.

Proper use of salts may defeat a number of attacks, including:

The ability to try candidate passwords against multiple hashes at once.
The ability to use pre-hashed lists of candidate passwords.
The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.

Return value

String A 12 character string containing the iteration count and a random salt.

1 call to PhpassHashedPassword::generateSalt()

PhpassHashedPassword::hash in drupal/core/lib/Drupal/Core/Password/PhpassHashedPassword.php: Implements Drupal\Core\Password\PasswordInterface::hash().

File

drupal/core/lib/Drupal/Core/Password/PhpassHashedPassword.php, line 109: Definition of Drupal\Core\Password\PhpassHashedPassword

Class

PhpassHashedPassword: Secure password hashing functions based on the Portable PHP password hashing framework.

Namespace

Drupal\Core\Password

Code

protected function generateSalt() {
  $output = '$S$';

  // We encode the final log2 iteration count in base 64.
  $output .= static::$ITOA64[$this->countLog2];

  // 6 bytes is the standard salt for a portable phpass hash.
  $output .= $this
    ->base64Encode(Crypt::randomBytes(6), 6);
  return $output;
}

Main menu

Search Drupal 8.x

API Navigation

protected function PhpassHashedPassword::generateSalt

Return value

File

Class

Namespace

Code

Main menu

You are here

Search Drupal 8.x

API Navigation

protected function PhpassHashedPassword::generateSalt

Return value

File

Class

Namespace

Code