Page MenuHomePhabricator
Diviner Phabricator Tech Docs PhabricatorBcryptPasswordHasher

final class PhabricatorBcryptPasswordHasher
Phabricator Technical Documentation ()

This class is not documented.

Tasks

Implementing a Hasher

Using Hashers

  • final public function getPasswordHashForStorage($envelope) — Get the hash of a password for storage.
  • private static function parseHashFromStorage($hash) — Parse a storage hash into its components, like the hash type and hash data.
  • public static function getAllHashers() — Get all available password hashers. This may include hashers which can not actually be used (for example, a required extension is missing).
  • public static function getAllUsableHashers() — Get all usable password hashers. This may include hashers which are not desirable or advisable.
  • public static function getBestHasher() — Get the best (strongest) available hasher.
  • public static function getHasherForHash($hash) — Get the hasher for a given stored hash.
  • public static function canUpgradeHash($hash) — Test if a password is using an weaker hash than the strongest available hash. This can be used to prompt users to upgrade, or automatically upgrade on login.
  • public static function generateNewPasswordHash($password) — Generate a new hash for a password, using the best available hasher.
  • public static function comparePassword($password, $hash) — Compare a password to a stored hash.

Other Methods

Methods

public function getHumanReadableName()

PhabricatorPasswordHasher

Return a human-readable description of this hasher, like "Iterated MD5".

PhabricatorBcryptPasswordHasher
This method is not documented.
Return
stringHuman readable hash name.

public function getHashName()

PhabricatorPasswordHasher

Return a short, unique, key identifying this hasher, like "md5" or "bcrypt". This identifier should not be translated.

PhabricatorBcryptPasswordHasher
This method is not documented.
Return
stringShort, unique hash name.

public function getHashLength()

PhabricatorPasswordHasher

Return the maximum byte length of hashes produced by this hasher. This is used to prevent storage overflows.

PhabricatorBcryptPasswordHasher
This method is not documented.
Return
intMaximum number of bytes in hashes this class produces.

public function canHashPasswords()

PhabricatorPasswordHasher

Return true to indicate that any required extensions or dependencies are available, and this hasher is able to perform hashing.

PhabricatorBcryptPasswordHasher
This method is not documented.
Return
boolTrue if this hasher can execute.

public function getInstallInstructions()

PhabricatorPasswordHasher

Return a human-readable string describing why this hasher is unable to operate. For example, "To use bcrypt, upgrade to PHP 5.5.0 or newer.".

PhabricatorBcryptPasswordHasher
This method is not documented.
Return
stringHuman-readable description of how to enable this hasher.

public function getStrength()

PhabricatorPasswordHasher

Return an indicator of this hasher's strength. When choosing to hash new passwords, the strongest available hasher which is usable for new passwords will be used, and the presence of a stronger hasher will prompt users to update their hashes.

Generally, this method should return a larger number than hashers it is preferable to, but a smaller number than hashers which are better than it is. This number does not need to correspond directly with the actual hash strength.

PhabricatorBcryptPasswordHasher
This method is not documented.
Return
floatStrength of this hasher.

public function getHumanReadableStrength()

PhabricatorPasswordHasher

Return a short human-readable indicator of this hasher's strength, like "Weak", "Okay", or "Good".

This is only used to help administrators make decisions about configuration.

PhabricatorBcryptPasswordHasher
This method is not documented.
Return
stringShort human-readable description of hash strength.

protected function getPasswordHash($envelope)

PhabricatorPasswordHasher

Produce a password hash.

PhabricatorBcryptPasswordHasher
This method is not documented.
Parameters
PhutilOpaqueEnvelope$envelopeText to be hashed.
Return
PhutilOpaqueEnvelopeHashed text.

protected function verifyPassword($password, $hash)

PhabricatorPasswordHasher

Verify that a password matches a hash.

The default implementation checks for equality; if a hasher embeds salt in hashes it should override this method and perform a salt-aware comparison.

PhabricatorBcryptPasswordHasher
This method is not documented.
Parameters
PhutilOpaqueEnvelope$passwordPassword to compare.
PhutilOpaqueEnvelope$hashBare password hash.
Return
boolTrue if the passwords match.

protected function canUpgradeInternalHash($hash)

PhabricatorPasswordHasher

Check if an existing hash created by this algorithm is upgradeable.

The default implementation returns false. However, hash algorithms which have (for example) an internal cost function may be able to upgrade an existing hash to a stronger one with a higher cost.

PhabricatorBcryptPasswordHasher
This method is not documented.
Parameters
PhutilOpaqueEnvelope$hashBare hash.
Return
boolTrue if the hash can be upgraded without changing the algorithm (for example, to a higher cost).

final public function getPasswordHashForStorage($envelope)
Inherited

PhabricatorPasswordHasher

Get the hash of a password for storage.

Parameters
PhutilOpaqueEnvelope$envelopePassword text.
Return
PhutilOpaqueEnvelopeHashed text.

private static function parseHashFromStorage($hash)
Inherited

PhabricatorPasswordHasher

Parse a storage hash into its components, like the hash type and hash data.

Parameters
PhutilOpaqueEnvelope$hash
Return
mapDictionary of information about the hash.

public static function getAllHashers()
Inherited

PhabricatorPasswordHasher

Get all available password hashers. This may include hashers which can not actually be used (for example, a required extension is missing).

Return
list<PhabricatorPasswordHasher>Hasher objects.

public static function getAllUsableHashers()
Inherited

PhabricatorPasswordHasher

Get all usable password hashers. This may include hashers which are not desirable or advisable.

Return
list<PhabricatorPasswordHasher>Hasher objects.

public static function getBestHasher()
Inherited

PhabricatorPasswordHasher

Get the best (strongest) available hasher.

Return
PhabricatorPasswordHasherBest hasher.

public static function getHasherForHash($hash)
Inherited

PhabricatorPasswordHasher

Get the hasher for a given stored hash.

Parameters
PhutilOpaqueEnvelope$hash
Return
PhabricatorPasswordHasherCorresponding hasher.

public static function canUpgradeHash($hash)
Inherited

PhabricatorPasswordHasher

Test if a password is using an weaker hash than the strongest available hash. This can be used to prompt users to upgrade, or automatically upgrade on login.

Parameters
PhutilOpaqueEnvelope$hash
Return
boolTrue to indicate that rehashing this password will improve the hash strength.

public static function generateNewPasswordHash($password)
Inherited

PhabricatorPasswordHasher

Generate a new hash for a password, using the best available hasher.

Parameters
PhutilOpaqueEnvelope$passwordPassword to hash.
Return
PhutilOpaqueEnvelopeHashed password, using best available hasher.

public static function comparePassword($password, $hash)
Inherited

PhabricatorPasswordHasher

Compare a password to a stored hash.

Parameters
PhutilOpaqueEnvelope$passwordPassword to compare.
PhutilOpaqueEnvelope$hashStored password hash.
Return
boolTrue if the passwords match.

public static function getCurrentAlgorithmName($hash)
Inherited

PhabricatorPasswordHasher

Get the human-readable algorithm name for a given hash.

Parameters
PhutilOpaqueEnvelope$hashStorage hash.
Return
stringHuman-readable algorithm name.

public static function getBestAlgorithmName()
Inherited

PhabricatorPasswordHasher

Get the human-readable algorithm name for the best available hash.

Return
stringHuman-readable name for best hash.

private function getBcryptCost()

This method is not documented.
Return
wild