Class: ghostHash
Version: 1.0 11/10/2015
Copyright 2015 Wagon Trader, All Rights Reserved
Description:
This class is developed to be a secure key hashing application pre-loaded on the system.
Files:
ghosthash.class.php - Main class
example.php - Usage examples
Installation:
The ghosthash.class.php file is intended to be pre-loaded onto the system. Follow these
instructions for the best security.
Upload the ghosthash.class.php file into a private folder which is not web accessible.
Depending on your servers file system, this could be the /usr/ or /private/ folders. If you
are not sure which folder to use, your server administrator should be able to help.
If you only have access to public web accessible folders, that is okay, go ahead and upload
the ghosthash.class.php file there. Web accessible folders will be 'public_html',
/www/ or something similar.
Change the auto_prepend_file setting in your php.ini file to load the ghosthash.class.php
file. You must include the full path to file, so the instruction would look something like...
auto_prepend_file = "/full/path/to/ghosthash.class.php"
replacing /full/path/to/ with the actual path to the file.
If you do not have access to the php.ini file, you can change the setting in your .htaccess file
by including the line...
php_value auto_prepend_file /full/path/to/ghosthash.class.php
replacing /full/path/to/ with the actual path to the file.
If you do not have access to the php.ini file or are not allowed to change php settings within
the .htaccess file, you will need to get further instructions from your server admin to
complete this step.
If all else fails, do not worry, you can always include the ghosthash.class.php script inside
your php scripts, however this is less secure when using quick hash methods.
The example.php file can be included within your public document root and accessed through
your browser to see ghostHash in action.
Configuration:
You should change the $pepper values in the ghost.class.php to a unique string only known to
you. This variable is located in both the quickHash and verifyQuickHash methods and should
be exaclty the same text in each.
If you should want to use ghostHash as an object, you can uncomment the last line in the
ghosthash.class.php file to automatically instantiate the class. This is not neccessary, since
ghostHash was designed to be used staticly.
Method Usage:
ghostHash::quickHash(string key[,string salt=''][,string pepper=''])
Use the quickHash method to return a fairly secure hash of the supplied key.
You can salt the key by optionally supplying a salt string.
You can over-ride the default pepper string by optionally supplying one.
Returns a 32 character hash.
ghostHash::verifyQuickHash(string key, string hash[,string salt=''][,string pepper=''])
Use the verifyQuickHash method to verify the supplied key is valid for the supplied hash.
If you supplied salt or pepper when generating the hash, you must supply them here as well.
Returns true if valid or false if invalid
ghostHash::strongHash(string key[,cost=10])
Use the strongHash method to generate a very strong hash for the supplied key
The optional cost value can be supplied to set the computational cost based on your system,
the calculateCost method can be used to get the best value.
Returns a 60 charachter hash. This may increase in the future, is is best to store these
hashes in a 255 character field.
ghostHash::calculateCost(void)
Use the calculateCost method to determine the best cost value used with strong hashes.
Returns the best cost value to use.
ghostHash::verifyStrongHash(string key, string hash)
Use the verifyStrongHash method to verify the supplied key is valid for the supplied hash.
Returns true if valid or false if invalid
ghostHash::newStrongHash(string hash[,int cost=10])
Use the newStrongHash method to determine if a new hash should be generated.
If there has been a change in the best cost or hashing algorythm, this method can be
used to check that the supplied hash meets these standards.
Returns true if a new hash should be generated or false if the hash is still within standards.
ghostHash::strongHashInfo(string hash)
Use the strongHashInfo method to get information on the supplied hash.
Returns an array of algo (algorythm used), algoName (human readable name of algorythm) and options
used to generate the algorythm.
Changelog
1.0
Initial release
|
Download
