Argon2id.php
<?php
// ### the minimal parameter set is probably INSECURE ###
/**
 * Derive a 32-byte key from a password with Argon2id at a deliberately low cost.
 *
 * Cost setting: 2 passes over 8 MiB of memory. That is a small fraction of the
 * 64 MiB used by libsodium's interactive preset, so offline guessing against a
 * key derived here is correspondingly cheaper. Treat this as a comparison value,
 * not as a setting for protecting real secrets.
 *
 * @param string $password secret the key is derived from
 * @param string $salt     salt of SODIUM_CRYPTO_PWHASH_SALTBYTES (16) bytes
 * @return string raw (binary) 32-byte key
 * @throws SodiumException when libsodium rejects an argument, e.g. a salt of the wrong length
 */
function generateArgon2idMinimal($password, $salt) {
    $keyBytes = 32;
    $passes = 2;
    $memoryBytes = 8192 * 1024; // 8 MiB
    return sodium_crypto_pwhash(
        $keyBytes,
        $password,
        $salt,
        $passes,
        $memoryBytes,
        SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13
    );
}
/**
 * Derive a 32-byte key from a password with Argon2id at the "interactive" cost level.
 *
 * Cost setting: 2 passes over 66536 KiB of memory.
 *
 * NOTE(review): 66536 looks like a transposition of 65536 (64 MiB), which is the
 * memory libsodium's own interactive preset uses
 * (SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE). The value is kept as written because
 * changing any cost parameter changes every key derived with it; confirm against
 * the other implementations this output is compared with before correcting it.
 *
 * @param string $password secret the key is derived from
 * @param string $salt     salt of SODIUM_CRYPTO_PWHASH_SALTBYTES (16) bytes
 * @return string raw (binary) 32-byte key
 * @throws SodiumException when libsodium rejects an argument, e.g. a salt of the wrong length
 */
function generateArgon2idInteractive($password, $salt) {
    $keyBytes = 32;
    $passes = 2;
    $memoryBytes = 66536 * 1024;
    return sodium_crypto_pwhash(
        $keyBytes,
        $password,
        $salt,
        $passes,
        $memoryBytes,
        SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13
    );
}
/**
 * Derive a 32-byte key from a password with Argon2id at the "moderate" cost level.
 *
 * Cost setting: 3 passes over 256 MiB of memory, the same figures as libsodium's
 * moderate preset. Each call holds that much memory for its duration, which
 * matters when many derivations can run concurrently.
 *
 * @param string $password secret the key is derived from
 * @param string $salt     salt of SODIUM_CRYPTO_PWHASH_SALTBYTES (16) bytes
 * @return string raw (binary) 32-byte key
 * @throws SodiumException when libsodium rejects an argument, e.g. a salt of the wrong length
 */
function generateArgon2idModerate($password, $salt) {
    $keyBytes = 32;
    $passes = 3;
    $memoryBytes = 262144 * 1024; // 256 MiB
    return sodium_crypto_pwhash(
        $keyBytes,
        $password,
        $salt,
        $passes,
        $memoryBytes,
        SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13
    );
}
/**
 * Derive a 32-byte key from a password with Argon2id at the "sensitive" cost level.
 *
 * Cost setting: 4 passes over 1 GiB of memory, the same figures as libsodium's
 * sensitive preset. A single call needs that memory to be available and takes
 * noticeably long, so it is unsuited to request paths an unauthenticated client
 * can trigger repeatedly.
 *
 * @param string $password secret the key is derived from
 * @param string $salt     salt of SODIUM_CRYPTO_PWHASH_SALTBYTES (16) bytes
 * @return string raw (binary) 32-byte key
 * @throws SodiumException when libsodium rejects an argument, e.g. a salt of the wrong length
 */
function generateArgon2idSensitive($password, $salt) {
    $keyBytes = 32;
    $passes = 4;
    $memoryBytes = 1048576 * 1024; // 1 GiB
    return sodium_crypto_pwhash(
        $keyBytes,
        $password,
        $salt,
        $passes,
        $memoryBytes,
        SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13
    );
}
/**
 * Encode binary data as standard Base64 text so it can be printed or transported.
 *
 * Base64 is an encoding, not protection: anything printed this way is as
 * readable as the raw bytes.
 *
 * @param string $input raw bytes
 * @return string Base64 representation of $input
 */
function base64Encoding($input)
{
    $encoded = base64_encode($input);
    return $encoded;
}
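/**
 * Return 16 freshly generated random bytes for use as an Argon2id salt.
 *
 * Uses random_bytes(), which reads the operating system's CSPRNG and throws when
 * no suitable source is available. The previous openssl_random_pseudo_bytes()
 * call reported weak output only through its by-reference $crypto_strong flag,
 * which was never inspected, and it required the openssl extension.
 *
 * Generate a new salt for every derivation and store it next to the result; a
 * salt is not secret, but it must not repeat across passwords.
 *
 * @return string 16 raw (binary) bytes, i.e. SODIUM_CRYPTO_PWHASH_SALTBYTES
 * @throws Exception if the system cannot supply secure random bytes
 */
function generateSalt16Byte()
{
    return random_bytes(16);
}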
/**
 * Return a constant salt of 16 zero bytes so that derived keys are reproducible.
 *
 * ### security warning - never use this in production ###
 * With a constant salt, identical passwords always yield identical keys, and a
 * single precomputed table applies to every user. It exists only so outputs can
 * be compared between runs.
 *
 * @return string 16 bytes, each 0x00
 */
function generateFixedSalt16Byte()
{
    return str_repeat("\x00", 16);
}
// Demo driver: derives a 32-byte key from one password under each cost preset
// and prints every result Base64-encoded, so runs can be compared line by line.
echo 'Generate a 32 byte long encryption key with Argon2id' . PHP_EOL;

// Demo only: the password is hard-coded and echoed in clear text. Real code
// should neither embed a password in source nor write it to output or logs.
$password = "secret password";
echo 'password: ' . $password . PHP_EOL;

// ### security warning - never use a fixed salt in production; it is used here
// only so the printed keys are reproducible for comparison.
// For real use, switch to: $salt = generateSalt16Byte();
$salt = generateFixedSalt16Byte();
echo 'salt (Base64): ' . base64Encoding($salt) . PHP_EOL;

// Output label => derivation function, in the order the results are printed.
$presets = [
    // ### the minimal parameter set is probably insecure ###
    'encryptionKeyArgon2id (Base64) minimal: ' => 'generateArgon2idMinimal',
    'encryptionKeyArgon2id (Base64) interactive: ' => 'generateArgon2idInteractive',
    'encryptionKeyArgon2id (Base64) moderate: ' => 'generateArgon2idModerate',
    'encryptionKeyArgon2id (Base64) sensitive: ' => 'generateArgon2idSensitive',
];
foreach ($presets as $outputLabel => $deriveKey) {
    $encryptionKeyArgon2id = $deriveKey($password, $salt);
    echo $outputLabel . base64Encoding($encryptionKeyArgon2id) . PHP_EOL;
}
?>