Delicious Bookmark this on Delicious Share on Facebook SlashdotSlashdot It! Digg! Digg

PHP : Function Reference : Mhash Functions : mhash_keygen_s2k


Generates a key (PHP 4 >= 4.0.4, PHP 5)
string mhash_keygen_s2k ( int hash, string password, string salt, int bytes )

Code Examples / Notes » mhash_keygen_s2k


Correction to ray ferguson post,
As said in the doc : "mhash_keygen_s2k generates a key that is bytes long, from a user given password and use the specified hash algorithm to create the key." if It wasn't clear to anyone.
The non mhash function is good as long you do not need a key longer than native MD5 hash (16 bytes)  it wont give you more.
So the non mhash function work OK but they ARE NOT the same thing.
Just try ray ferguson exemple asking for a 32 bytes key.
Returning a substring longer than the packed 16 bytes string won't add anything to the string. Salted S2K algorithm does add to the key.  So better use mhash lib or create something more alike the RFC 2440 specs.
I know the post is late on regard to Ray's post but if it can help someone not waisting time like me.

// given random 8 bits of salt and a clear text password
$clear_pw = "p4ssw0rd" ;
$rand8bites4salt = substr(pack("h*", md5(mt_rand())) , 0, 8);
// This
mhash_keygen_s2k(MHASH_MD5, $clear_pw, $rand8bites4salt, 4) ;
//is the same as this
function myhash_keyge_s2k($pass, $salt, $bytes ){
     return substr(pack("H*", md5($salt . $pass)), 0, $bytes);
myhash_keyge_s2k($clear_pw, $rand8bites4salt, 4);
// But the latter doesn't require mhash libs.
// -ray ferguson

Change Language

Follow Navioo On Twitter
eXTReMe Tracker