PHP | hash_pbkdf2() Function
April 21, 2021
Hello folks! welcome back to a new edition of our tutorial on PHP. In this tutorial guide, we are going to be studying about the PHP hash_pbkdf2() Function.
The built-in hash_pbkdf2() function in PHP returns the PBKDF2 key derivation for the given password.
PBKDF2 stands for Password Based Key Derivation Function 2. The PBKDF2 key derivation uses pseudorandom function, such as the hash_based message authentication code (HMAC) that is applied to the given password or message along with the salt and the process is iterated multiple times to get the key. This function is mainly used to hash password and PBKDF2 key derivation function is designed in such a way that it becomes difficult for the attacker or unauthorized user to guess the original password hashed.
The built-in hash_pbkdf2() function in PHP returns the PBKDF2 key derivation for the given password.
PBKDF2 stands for Password Based Key Derivation Function 2. The PBKDF2 key derivation uses pseudorandom function, such as the hash_based message authentication code (HMAC) that is applied to the given password or message along with the salt and the process is iterated multiple times to get the key. This function is mainly used to hash password and PBKDF2 key derivation function is designed in such a way that it becomes difficult for the attacker or unauthorized user to guess the original password hashed.
Syntax
Following below is the syntax to use this function -
hash_pbkdf2 ( string $algo , string $password , string $salt , int $iterations [ , int $length = 0 [, bool $raw_output = FALSE ] ] ) : string
Parameter Details
| Sr.No | Parameter & Description |
|---|---|
| 1 | algo Name of the hashing algorithm. There is a big list of algorithm available with hash, some important ones are md5, sha256, etc. To get the full list of algorithms supported, check for hash_algos() |
| 2 | password Password for which you need to generate PBKDF2 key derivation. |
| 3 | salt The salt you want to use to derive the PBKDF2 key derivation. |
| 4 | iterations The internal interations to be performed to get to the final derivation. |
| 5 | length The final PBKDF2 key derivation length. If raw_output is TRUE, the derived key corresponds to the byte-length, if raw_output is FALSE, it will be twice the byte-length of the derived key |
| 6 | raw_output If the raw_output is false, the output will be a string with lowercase hexits, if TRUE the output will be raw binary data. |
Return Value
It returns a string that has the derived key as lowercase hexits, if raw_output is false and if raw_output is true then the string is going to be a raw binary representation of the derived key.
PHP Version
This built-in PHP function works from PHP version greater than 5.5.0.
Example1
The following example demonstrates the usage of the PHP hash_pbkdf2() function -
<?php $password = "mypassword"; $iterations = 500; $salt = 'testingkey'; $pbkdf2_hash = hash_pbkdf2("md5", $password, $salt, $iterations, 25); echo $pbkdf2_hash; ?>
Output
When the above code is executed, it will produce the following result -
cb0130970bb39f6a95d193934
Example2
The following below is an example which demonstrates the usage of hash_pbkdf2() function with 1000 iterations -
<?php $password = "mypassword"; $iterations = 1000; $salt = openssl_random_pseudo_bytes(10); //generates pseudo-random string of bytes $pbkdf2_hash = hash_pbkdf2("sha256", $password, $salt, $iterations, 10); echo $pbkdf2_hash; ?>
Output
When the above code is executed, it will produce the following result -
0c31d20aa2
Example3
The following example demonstrates the usage of the hash_pbkdf2() function with the raw_output set as TRUE -
<?php $password = "mypassword"; $iterations = 1000; $salt = openssl_random_pseudo_bytes(10); //generates pseudo-random string of bytes $pbkdf2_hash = hash_pbkdf2("sha256", $password, $salt, $iterations, 10, true); echo $pbkdf2_hash; ?>
Example4
The following example demonstrates the usage of the hash_pbkdf2() function with the raw_output set to TRUE -
In this example, we are going to make use of base64_encode() function that is going to convert the raw binary output from the PHP hash_pbkdf2() into a readable string.
In this example, we are going to make use of base64_encode() function that is going to convert the raw binary output from the PHP hash_pbkdf2() into a readable string.
<?php echo base64_encode( hash_pbkdf2("sha256", 'passwordtest', openssl_random_pseudo_bytes(10), 5000, 10, true) ); ?>
Output
When the above code is executed, it will produce the following result -
2FogGKtZxmt4iQ==
READ: PHP | hash() Function
Alright guys! This is where we are rounding up for this tutorial post. In our next tutorial, we will discuss about the PHP hash_algos() Function.
Do feel free to ask your questions where necessary and we will attend to them as soon as possible. If this tutorial was helpful to you, you can use the share button to share this tutorial.
Do follow us on our various social media handles available and also subscribe to our newsletter to get our tutorial posts delivered directly to your emails.
Thanks for reading and bye for now.
Do feel free to ask your questions where necessary and we will attend to them as soon as possible. If this tutorial was helpful to you, you can use the share button to share this tutorial.
Do follow us on our various social media handles available and also subscribe to our newsletter to get our tutorial posts delivered directly to your emails.
Thanks for reading and bye for now.