The built-in hash_pbkdf2() function in PHP returns the PBKDF2 key derivation for the given password.
PBKDF2 stands for Password Based Key Derivation Function 2. The PBKDF2 key derivation uses pseudorandom function, such as the hash_based message authentication code (HMAC) that is applied to the given password or message along with the salt and the process is iterated multiple times to get the key. This function is mainly used to hash password and PBKDF2 key derivation function is designed in such a way that it becomes difficult for the attacker or unauthorized user to guess the original password hashed.
hash_pbkdf2 ( string $algo , string $password , string $salt , int $iterations [ , int $length = 0 [, bool $raw_output = FALSE ] ] ) : string
|Sr.No||Parameter & Description|
Name of the hashing algorithm. There is a big list of algorithm available with hash, some important ones are md5, sha256, etc.
To get the full list of algorithms supported, check for hash_algos()
Password for which you need to generate PBKDF2 key derivation.
The salt you want to use to derive the PBKDF2 key derivation.
The internal interations to be performed to get to the final derivation.
The final PBKDF2 key derivation length. If raw_output is TRUE, the derived key corresponds to the byte-length, if raw_output is FALSE, it will be twice the byte-length of the derived key
If the raw_output is false, the output will be a string with lowercase hexits, if TRUE the output will be raw binary data.
<?php $password = "mypassword"; $iterations = 500; $salt = 'testingkey'; $pbkdf2_hash = hash_pbkdf2("md5", $password, $salt, $iterations, 25); echo $pbkdf2_hash; ?>
<?php $password = "mypassword"; $iterations = 1000; $salt = openssl_random_pseudo_bytes(10); //generates pseudo-random string of bytes $pbkdf2_hash = hash_pbkdf2("sha256", $password, $salt, $iterations, 10); echo $pbkdf2_hash; ?>
<?php $password = "mypassword"; $iterations = 1000; $salt = openssl_random_pseudo_bytes(10); //generates pseudo-random string of bytes $pbkdf2_hash = hash_pbkdf2("sha256", $password, $salt, $iterations, 10, true); echo $pbkdf2_hash; ?>
In this example, we are going to make use of base64_encode() function that is going to convert the raw binary output from the PHP hash_pbkdf2() into a readable string.
<?php echo base64_encode( hash_pbkdf2("sha256", 'passwordtest', openssl_random_pseudo_bytes(10), 5000, 10, true) ); ?>
Do feel free to ask your questions where necessary and we will attend to them as soon as possible. If this tutorial was helpful to you, you can use the share button to share this tutorial.
Do follow us on our various social media handles available and also subscribe to our newsletter to get our tutorial posts delivered directly to your emails.
Thanks for reading and bye for now.