Secure password hashing functions for user authentication.

Based on the Portable PHP password hashing framework.

An alternative or custom version of this password hashing API may be used by setting the variable password_inc to the name of the PHP file containing replacement user_hash_password(), user_check_password(), and user_needs_new_hash() functions.

See also

http://www.openwall.com/phpass/

File

core/includes/password.inc

Functions

| Name | Description |
| --- | --- |
| user_check_password | Check whether a plain text password matches a stored hashed password. |
| user_hash_password | Hash a password using a secure hash. |
| user_needs_new_hash | Check whether a user's hashed password needs to be replaced with a new hash. |
| _password_base64_encode | Encodes bytes into printable base 64 using the *nix standard from crypt(). |
| _password_crypt | Hash a password using a secure stretched hash. |
| _password_enforce_log2_boundaries | Ensures that $count_log2 is within set bounds. |
| _password_generate_salt | Generates a random base 64-encoded salt prefixed with settings for the hash. |
| _password_get_count_log2 | Parse the log2 iteration count from a stored hash or setting string. |
| _password_itoa64 | Returns a string for mapping an int to the corresponding base 64 character. |

Constants

| Name | Description |
| --- | --- |
| BACKDROP_HASH_COUNT | The standard log2 number of iterations for password stretching. This should increase by 1 every Backdrop version in order to counteract increases in the speed and power of computers available to crack the hashes. |
| BACKDROP_HASH_LENGTH | The expected (and maximum) number of characters in a hashed password. |
| BACKDROP_MAX_HASH_COUNT | The maximum allowed log2 number of iterations for password stretching. |
| BACKDROP_MIN_HASH_COUNT | The minimum allowed log2 number of iterations for password stretching. |