hash-library

A simple way to choose the hashing algorithm - secure your site with strong hashing.
5 followers

HASH Library

HASH Library box

About

Main purpose of the Library is encapsulate hashing mechanisms and give to them a convenient and simple interface of access:

// give default strategy (task: HASH::COMMON, strategy: HASH::MD5)
$crypt = HASH::getInstance();
 
// give default strategy for password hashing (strategy: HASH::SHA1_MD5)
$crypt = HASH::getInstance(HASH::PASSWORD);
 
// give selected strategy for password hashing
$crypt = HASH::getInstance(HASH::PASSWORD, array(
    'strategy' => HASH::MD5_SALT_SHA1,      // some strategies require salt, by default $salt = substr(md5(__CLASS__), 0, 22)
    'salt' => $this->config->item('salt'),  // salt, for example, can be stored globally in the site settings
));

Information

Requirements

  • PHP grater or equals than 5.3.0

Preparation

Classes are connected via a relative path. And therefore you must add parent folder of the Library into include path:

set_include_path(get_include_path() . PATH_SEPARATOR . 'path/to/folder/which/contains/HASH');

Work with library

Hashing and comparing:

$crypt = HASH::getInstance(HASH::PASSWORD);
$hash = $crypt->make($string);
 
if ($crypt->compare($input, $stored)) {
    echo 'Match';
} else {
    echo 'Do not match';
}

New feature in version 1.3:

if ($crypt->isHashed($password)) {
    echo 'Is hashed';
} else {
    echo 'Is not hashed';
}

Adapters

Yii

Yii_Hash designed for handy integration the Library with Yii framework.

Setup configuration of the Library:

Yii::setPathOfAlias('HASH', 'path/to/HASH'); // set namespace
 
return array(
    ...,
    'components' => array(
        ...,
        'hash' => array(
            'class' => 'HASH\adapters\Yii_Hash',
            'strategies' => array(
                'pass' => array(
                    'strategy' => 17, // or HASH\HASH::BLOWFISH_RANDOM_SALT,
                    'cost' => 12,
                ),
            ),
        ),
    ),
);

After that you can use it as usual component Yii:

$hash = Yii::app()->hash->pass->make($input);
 
if (Yii::app()->hash->pass->compare($input, $stored)) {
    echo 'Match';
} else {
    echo 'Do not match';
}

Use new method iHash::isHashed() in ActiveRecord:

class User extends CActiveRecord
{
    protected function beforeSave()
    {
        if (parent::beforeSave()) {
            /**
             * @var iHash $crypt
             */
            $crypt = Yii::app()->hash->pass;
            if ( ! $crypt->isHashed($this->password)) {
                $this->password = $crypt->make($this->password);
            }
            return true;
        }
        return false;
    }
}

CodeIgniter

CI_Hash designed for handy integration the Library with CodeIgniter framework.

You can define configuration of the Library in hash.php file in config folder of CodeIgniter:

$config = array(
    'pass' => array(
        'strategy' => HASH::SHA1_MD5_SALT,
        'salt' => 'q3XBgoiRCXfuTertfplXv1ICT',
    ),
    'email' => array(
        'strategy' => HASH::MD5_SALT,
        'salt' => 'GswJNrMQAA_Q',
    ),
);

Or you can put config into loader:

$config = array(
    'pass' => array(
        'strategy' => HASH::SHA1_MD5_SALT,
        'salt' => 'q3XBgoiRCXfuTertfplXv1ICT',
    ),
    'email' => array(
        'strategy' => HASH::MD5_SALT,
        'salt' => 'GswJNrMQAA_Q',
    ),
);
$this->load->library('hash', $config);

After that you can use it as usual library for CodeIgniter:

$hash = $this->hash->pass->make($input);
 
if ($this->hash->pass->compare($input, $stored)) {
    echo 'Match';
} else {
    echo 'Do not match';
}

Silex

SLX_Hash designed for handy integration the Library with Silex framework.

Access to the Library implemented via ServiceProvider:

use HASH\adapters\SLX_Hash as Hash;
$app->register(new Hash(), array(
    'hash.task' => HASH::SHA1_MD5_SALT,
    'hash.config' => array(
        'strategy' => HASH::SHA1_MD5_SALT,
        'salt' => 'q3XBgoiRCXfuTertfplXv1ICT',
    ),
));

After that you can use it as usual service provider for Silex:

$pass = 'hash_of_super_secret_pass';
 
$app->post('login', function (Application $app, Request $request) use ($pass) {
    $crypt = $app['hash'];
    if ($crypt->compare($request->get('pass'), $pass)) {
        echo 'Match';
    } else {
        echo 'Do not match';
    }
})

Unit tests

All tests located at tests folder. You can run it as follows:

% phpunit StrategiesUnitTest
% phpunit ComponentUnitTest

License

Copyright (c) HASH Library from OctoLab

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Total 3 comments

#14999 report it
dodgerid at 2013/09/27 12:11pm
Many Thanks

Many Thanks kamilsk,

Indeed you are correct and it now works correctly.

Many Thanks

#14977 report it
kamilsk at 2013/09/25 02:01pm
Feedback

Hi, dodgerid! Thanks for using our library and thanks for feedback!:)

"I have a problem, I have implemented HASH, as per your instructions, and it all work except for on comparing the password when logging on the hashes do not compare."

$hash = Yii::app()->hash->pass->make($this->password);
if (Yii::app()->hash->pass->compare($hash, $record->password)) {
    echo 'Match';
} else {
    ...
}

You have a small error in the code here. Proper usage:

if (Yii::app()->hash->pass->compare($this->password, $record->password)) {
    echo 'Match';
} else {
    ...
}

And other type error:

if($record===null)
    $this->errorCode=self::ERROR_USERNAME_INVALID;
if (Yii::app()->hash->pass->compare($hash, $record->password)) { // <-- here $record can be null
    ...

Must be:

if ($record===null) {
    $this->errorCode = self::ERROR_USERNAME_INVALID;
} elseif (Yii::app()->hash->pass->compare($this->password, $record->password)) {
    ...
} else {
    ...
}

PS: we are working on a new release, and soon it will be available:)

// less strategies and more flexibility
$hash = HASH::getInstance()->md5()->salt($salt)->sha1()->make($password);
 
$state = HASH::getInstance()->md5()->salt($salt)->sha1()->getState();
$hash = $state->make($password);
if ($state->compare($input, $stored)) {
    // match
}

OctoLab

#14965 report it
dodgerid at 2013/09/25 06:23am
Mixed Hashes

Hi kamilsk,

I have a problem, I have implemented HASH, as per your instructions, and it all work except for on comparing the password when logging on the hashes do not compare.

I am using only the yii_hash adapter, which is configured in main exactly as instructed, and implemented in this way:

public function authenticate()
    {
        $hash = Yii::app()->hash->pass->make($this->password);
        $record = UserTable::model()->findByAttributes(array('user_name'=>$this->username));
        if($record===null)
            $this->errorCode=self::ERROR_USERNAME_INVALID;
        if (Yii::app()->hash->pass->compare($hash, $record->password)) {
            echo 'Match';
        } else {
            $this->errorCode=self::ERROR_PASSWORD_INVALID;
        }
        return !$this->errorCode;
    }

I have set default timezone etc, but have not yet had a successful compare.

the save function is implemented as per instructions :

protected function beforeSave()
    {
        if (parent::beforeSave()) {
            /**
             * @var iHash $crypt
             */
            $crypt = Yii::app()->hash->pass;
            if ( ! $crypt->isHashed($this->password)) {
                $this->password = $crypt->make($this->password);
            }
            return true;
        }
        return false;
    }

Can you shed any light on this please ?

Leave a comment

Please to leave your comment.

Create extension
Downloads