PHP | hash_pbkdf2() Function

PHP pbkdf2() Function


Hello folks! welcome back to a new edition of our tutorial on PHP. In this tutorial guide, we are going to be studying about the PHP hash_pbkdf2() Function.

The built-in hash_pbkdf2() function in PHP returns the PBKDF2 key derivation for the given password.

PBKDF2 stands for Password Based Key Derivation Function 2. The PBKDF2 key derivation uses pseudorandom function, such as the hash_based message authentication code (HMAC) that is applied to the given password or message along with the salt and the process is iterated multiple times to get the key. This function mainly used to hash password and PBKDF2 key derivation function is designed in such a way that it becomes difficult for the attacker or unauthorized user to guess the original password hashed.

Syntax

Following below is the syntax to use this function -

hash_pbkdf2 ( string $algo , string $password , string $salt , int $iterations [
   , int $length = 0 [, bool $raw_output = FALSE ]
] ) : string


Parameter Details

Sr.NoParameter & Description
1

algo

Name of the hashing algorithm. There is a big list of algorithm available with hash, some important ones are md5, sha256, etc.

To get the full list of algorithms supported, check for hash_algos()

2

password

Password for which you need to generate PBKDF2 key derivation.

3

salt

The salt you want to use to derive the PBKDF2 key derivation.

4

iterations

The internal interations to be performed to get to the final derivation.

5

length

The final PBKDF2 key derivation length. If raw_output is TRUE, the derived key corresponds to the byte-length, if raw_output is FALSE, it will be twice the byte-length of the derived key

6

raw_output

If the raw_output is false, the output will be a string with lowercase hexits, if TRUE the output will be raw binary data.


Return Value

It returns a string that has the derived key as lowercase hexits, if raw_output is false and if raw_output is true then the string is going to be a raw binary representation of the derived key.

PHP Version

This built-in PHP function works from PHP version greater than 5.5.0.

Example1

The following example demonstrates the usage of the PHP hash_pbkdf2() function -

<?php
   $password = "mypassword";
   $iterations = 500;
   $salt = 'testingkey';
   $pbkdf2_hash = hash_pbkdf2("md5", $password, $salt, $iterations, 25);
   echo $pbkdf2_hash;	
?>

Output

When the above code is executed, it will produce the following result -

cb0130970bb39f6a95d193934

Example2

The following below is an example which demonstrates the usage of hash_pbkdf2() function with 1000 iterations -

<?php
   $password = "mypassword";
   $iterations = 1000;
   $salt = openssl_random_pseudo_bytes(10); //generates pseudo-random string of bytes
   $pbkdf2_hash = hash_pbkdf2("sha256", $password, $salt, $iterations, 10);
   echo $pbkdf2_hash;
?>

Output

When the above code is executed, it will produce the following result -

0c31d20aa2

Example3

The following example demonstrates the usage of the hash_pbkdf2() function with the raw_output set as TRUE -

<?php
   $password = "mypassword";
   $iterations = 1000;
   $salt = openssl_random_pseudo_bytes(10); //generates pseudo-random string of bytes
   $pbkdf2_hash = hash_pbkdf2("sha256", $password, $salt, $iterations, 10, true);
   echo $pbkdf2_hash;
?>

Example4

The following example demonstrates the usage of the hash_pbkdf2() function with the raw_output set to TRUE -

In this example, we are going to make use of base64_encode() function that is going to convert the raw binary output from the PHP hash_pbkdf2() into a readable string.

<?php
   echo base64_encode(
      hash_pbkdf2("sha256", 'passwordtest', openssl_random_pseudo_bytes(10), 5000, 10, true)
   );
?>

Output

When the above code is executed, it will produce the following result -

2FogGKtZxmt4iQ==


Alright guys! This is where we are rounding up for this tutorial post. In our next tutorial, we will discuss about the PHP hash_algos() Function.

Do feel free to ask your questions where necessary and we will attend to them as soon as possible. If this tutorial was helpful to you, you can use the share button to share this tutorial.

Do follow us on our various social media handles available and also subscribe to our newsletter to get our tutorial posts delivered directly to your emails.

Thanks for reading and bye for now.