Recursive hashing function
Tags: hashing, recursive, function
Problem
This method is part of my login system. Could I improve it further?
protected function _hashPassword($password = NULL, $rounds = 1000, $i = 1)
{
    if (! isset($password)) throw new Exception('No password set!');
    $salt = 'K^^%/m>(|{z= $1^>%>W[=4U5*p|,E';
    $pepper = '08[)^,&%^^771^=>&,E[XP::4})h*I';
    $dinner = $salt.$password.$pepper;
    if ($i >= $rounds) return sha1($dinner);
    return sha1($this->_hashPassword($dinner, $rounds, $i+1).$password);
}
Solution
I would use a for loop instead of recursive calls:
From http://php.net/manual/en/functions.user-defined.php:
It is possible to call recursive functions in PHP. However avoid
recursive function/method calls with over 100-200 recursion levels as
it can smash the stack and cause a termination of the current script.
Furthermore, I would use the username as 'pepper'. It would make your hash more unpredictable.
protected function _hashPassword($password = NULL, $rounds = 1000) {
    if (!isset($password)) throw new Exception('No password set!');
    $salt = 'K^^%/m>(|{z= $1^>%>W[=4U5*p|,E';
    $pepper = '08[)^,&%^^771^=>&,E[XP::4})h*I';
    $dinner = $salt . $password . $pepper;
    for ($i = 0; $i < $rounds; $i++) {
        $dinner = sha1($dinner . $password);
    }
    return $dinner;
}
Context
StackExchange Code Review Q#6426, answer score: 5
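Added example, not code from the question or the answer: the answer's loop kept as written, but with the salt supplied per user instead of hard-coded, next to PHP's built-in password_hash()/password_verify(). It demonstrates what the fixed salt in the posted code costs: two accounts with the same password end up with the same stored value, so one cracked hash exposes every account sharing that password, while a random per-user salt keeps the stored values distinct and still verifiable. The function names, the "rounds$salthex$digest" storage format and the bcrypt cost are this example's own choices; the salt and pepper strings are reused from the post.

```php
<?php
declare(strict_types=1);

// Added example (not from the question or answer). Function names and the
// stored-hash layout "rounds$salthex$digest" are this example's own.

// Application-wide secret, same role as the answer's $pepper. Lives in
// configuration, not in the table next to the hashes. Value taken from the post.
const PEPPER = '08[)^,&%^^771^=>&,E[XP::4})h*I';

/**
 * The answer's iterated SHA-1, with the salt passed in rather than hard-coded.
 * With no $salt argument a fresh 16-byte random salt is drawn, so two users
 * who choose the same password do not share a digest.
 */
function iteratedHash(string $password, int $rounds = 1000, ?string $salt = null): string
{
    if ($password === '') {
        throw new InvalidArgumentException('No password set!');
    }
    $salt ??= random_bytes(16);
    $dinner = $salt . $password . PEPPER;
    for ($i = 0; $i < $rounds; $i++) {
        $dinner = sha1($dinner . $password);
    }
    // Keep rounds and salt with the digest so verification can reproduce them.
    return $rounds . '$' . bin2hex($salt) . '$' . $dinner;
}

function iteratedVerify(string $password, string $stored): bool
{
    $parts = explode('$', $stored, 3);
    if (count($parts) !== 3) {
        return false;
    }
    [$rounds, $saltHex, $digest] = $parts;
    $salt = hex2bin($saltHex);
    if ($salt === false) {
        return false;
    }
    $candidate = iteratedHash($password, (int) $rounds, $salt);
    // hash_equals() compares in constant time; a plain === would leak through
    // timing how much of the digest matched.
    return hash_equals($stored, $candidate);
}

/**
 * What PHP ships for this job: password_hash() draws its own random salt,
 * uses bcrypt for PASSWORD_DEFAULT, and encodes algorithm, cost and salt in
 * the returned string, so nothing else has to be stored.
 */
function modernHash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]);
}

function modernVerify(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

// Constructed demonstration.
$fixedSalt = 'K^^%/m>(|{z= $1^>%>W[=4U5*p|,E'; // the question's hard-coded salt

// Fixed salt: identical passwords produce identical stored values.
$a = iteratedHash('correct horse', 1000, $fixedSalt);
$b = iteratedHash('correct horse', 1000, $fixedSalt);
printf("fixed salt, same password, identical stored value: %s\n", var_export($a === $b, true));

// Random per-user salt: the stored values differ, but each still verifies.
$c = iteratedHash('correct horse');
$d = iteratedHash('correct horse');
printf("random salt, same password, identical stored value: %s\n", var_export($c === $d, true));
printf("verify correct password: %s\n", var_export(iteratedVerify('correct horse', $c), true));
printf("verify wrong password: %s\n", var_export(iteratedVerify('wrong', $c), true));

// The built-in. password_needs_rehash() lets the cost be raised later and
// old hashes upgraded at the user's next login, with no schema change.
$stored = modernHash('correct horse');
printf("password_verify: %s\n", var_export(modernVerify('correct horse', $stored), true));
printf("needs rehash at cost 13: %s\n",
    var_export(password_needs_rehash($stored, PASSWORD_DEFAULT, ['cost' => 13]), true));
```

Run it with `php example.php` on PHP 7.4 or later (the `??=` operator). Note that bcrypt, the algorithm behind PASSWORD_DEFAULT, only uses the first 72 bytes of the password; if longer inputs must be accepted, pre-hash them before calling password_hash().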