
ghostHash: Generate and verify quick and strong key hashes

Last Updated: 2015-11-10
Version: ghosthash 1.0
License: GNU General Publi...
PHP version: 5.5
Categories: Cryptography

This class can generate and verify quick and strong key hashes.

It can generate hashes for given keys using a quick method with optional salt and pepper values, or strong methods that use the PHP password hashing functions.

The class can also validate hashes for given keys.

It can also calculate the cost value for strong hashing based on the time that it should take to compute the hash.

Innovation Award: PHP Programming Innovation award nominee, January 2016, Number 5
Nowadays, strong password hashing methods apply the same hashing algorithms multiple times to increase the cost of brute force attacks meant to find the passwords stored as hashes.

Increasing the number of iterations also increases the cost of those brute force methods, making them practically inviable.

So one question remains, how many iterations are enough to apply those hashing algorithms to make them secure enough?

This class can provide some help to determine a minimum number of iterations for current hardware by applying the hashing algorithm enough times to exceed a given minimum length of time that you want the hashing to take.

Manuel Lemos
Name: Dave Smith
Country: United States

Details
Class: ghostHash
Version: 1.0 11/10/2015

Copyright 2015 Wagon Trader, All Rights Reserved


Description:

This class is developed to be a secure key hashing application pre-loaded on the system.

Files:

ghosthash.class.php - Main class

example.php - Usage examples


Installation:

The ghosthash.class.php file is intended to be pre-loaded onto the system. Follow these
instructions for the best security.

Upload the ghosthash.class.php file into a private folder which is not web accessible.
Depending on your server's file system, this could be the /usr/ or /private/ folders. If you
are not sure which folder to use, your server administrator should be able to help.

If you only have access to public web accessible folders, that is okay, go ahead and upload
the ghosthash.class.php file there. Web accessible folders will be 'public_html',
/www/ or something similar.

Change the auto_prepend_file setting in your php.ini file to load the ghosthash.class.php
file. You must include the full path to the file, so the instruction would look something like...

auto_prepend_file = "/full/path/to/ghosthash.class.php"

replacing /full/path/to/ with the actual path to the file.

If you do not have access to the php.ini file, you can change the setting in your .htaccess file
by including the line...

php_value auto_prepend_file /full/path/to/ghosthash.class.php

replacing /full/path/to/ with the actual path to the file.

If you do not have access to the php.ini file or are not allowed to change php settings within
the .htaccess file, you will need to get further instructions from your server admin to
complete this step.

If all else fails, do not worry, you can always include the ghosthash.class.php script inside
your php scripts, however this is less secure when using quick hash methods.

The example.php file can be included within your public document root and accessed through
your browser to see ghostHash in action.

Configuration:

You should change the $pepper values in the ghosthash.class.php file to a unique string known
only to you. This variable is located in both the quickHash and verifyQuickHash methods and
should be exactly the same text in each.

If you want to use ghostHash as an object, you can uncomment the last line in the
ghosthash.class.php file to automatically instantiate the class. This is not necessary, since
ghostHash was designed to be used statically.

Method Usage:

ghostHash::quickHash(string key[,string salt=''][,string pepper=''])

Use the quickHash method to return a fairly secure hash of the supplied key.
You can salt the key by optionally supplying a salt string.
You can over-ride the default pepper string by optionally supplying one.
Returns a 32 character hash.

ghostHash::verifyQuickHash(string key, string hash[,string salt=''][,string pepper=''])

Use the verifyQuickHash method to verify the supplied key is valid for the supplied hash.
If you supplied salt or pepper when generating the hash, you must supply them here as well.
Returns true if valid or false if invalid.

ghostHash::strongHash(string key[,cost=10])

Use the strongHash method to generate a very strong hash for the supplied key.
The optional cost value can be supplied to set the computational cost based on your system;
the calculateCost method can be used to get the best value.
Returns a 60 character hash. This may increase in the future, so it is best to store these
hashes in a 255 character field.

ghostHash::calculateCost(void)

Use the calculateCost method to determine the best cost value used with strong hashes.
Returns the best cost value to use.
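
A time-based cost calibration of the kind calculateCost describes, as an added example that is not the ghostHash source. calibrateCost(), timeOneHash() and the 50 ms target are hypothetical, and PASSWORD_BCRYPT is assumed as the strong algorithm; run it on the hardware that will serve logins.

```php
<?php
// Added example, not ghostHash code. calibrateCost() and timeOneHash() are
// hypothetical names; PASSWORD_BCRYPT is assumed as the strong algorithm.

function timeOneHash($cost)
{
    $start = microtime(true);
    password_hash('calibration-sample', PASSWORD_BCRYPT, array('cost' => $cost));
    return microtime(true) - $start;
}

function calibrateCost($targetSeconds, $minCost = 10, $maxCost = 16, $runs = 3)
{
    // bcrypt accepts costs 4..31; each step up doubles the work.
    $minCost = max(4, (int) $minCost);
    $maxCost = min(31, max($minCost, (int) $maxCost));

    for ($cost = $minCost; $cost <= $maxCost; $cost++) {
        // Keep the fastest of several runs so a busy moment on the
        // server does not make a low cost look slow enough.
        $best = INF;
        for ($i = 0; $i < $runs; $i++) {
            $best = min($best, timeOneHash($cost));
        }
        if ($best >= $targetSeconds) {
            return $cost;
        }
    }
    // Cap reached: hashing is still faster than the target, but an
    // unbounded cost would let every login request burn seconds of CPU.
    return $maxCost;
}

$cost = calibrateCost(0.05); // target: at least 50 ms per hash
printf("Use cost %d (one hash takes about %.0f ms here)\n", $cost, timeOneHash($cost) * 1000);
```

The upper bound matters as much as the target: login endpoints are reachable by anyone, so the per-hash time is also the CPU an unauthenticated request can consume.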

ghostHash::verifyStrongHash(string key, string hash)

Use the verifyStrongHash method to verify the supplied key is valid for the supplied hash.
Returns true if valid or false if invalid.

ghostHash::newStrongHash(string hash[,int cost=10])

Use the newStrongHash method to determine if a new hash should be generated.
If there has been a change in the best cost or hashing algorithm, this method can be
used to check that the supplied hash meets these standards.
Returns true if a new hash should be generated or false if the hash is still within standards.

ghostHash::strongHashInfo(string hash)

Use the strongHashInfo method to get information on the supplied hash.
Returns an array of algo (algorithm used), algoName (human readable name of algorithm) and options
used to generate the hash.
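
How verification, the rehash check and hash inspection fit together at login, as an added example written directly against PHP's password_* functions (password_verify, password_needs_rehash, password_get_info) rather than the ghostHash wrappers. The login() function, the in-memory $users array and the cost values are constructed for illustration, and PASSWORD_BCRYPT is an assumption.

```php
<?php
// Added example, not ghostHash code. login() and $users are hypothetical;
// the stored hash is constructed sample data created at an older, lower cost.
$currentCost = 12; // assumed result of a cost calibration on this server
$users = array(
    'alice' => password_hash('correct horse', PASSWORD_BCRYPT, array('cost' => 10)),
);

function login(array &$users, $name, $key, $cost)
{
    if (!isset($users[$name])) {
        return false;
    }
    // password_verify reads algorithm, cost and salt from the stored hash
    // itself and compares in constant time.
    if (!password_verify($key, $users[$name])) {
        return false;
    }
    // The plaintext key is only available during a successful login, so
    // this is the one moment an outdated hash can be upgraded.
    $options = array('cost' => $cost);
    if (password_needs_rehash($users[$name], PASSWORD_BCRYPT, $options)) {
        $users[$name] = password_hash($key, PASSWORD_BCRYPT, $options);
    }
    return true;
}

$before = password_get_info($users['alice']);

$rejected = login($users, 'alice', 'wrong key', $currentCost);
$accepted = login($users, 'alice', 'correct horse', $currentCost);

$after = password_get_info($users['alice']);

printf("wrong key accepted: %s\n", var_export($rejected, true));
printf("right key accepted: %s\n", var_export($accepted, true));
printf("%s cost before login: %d, after login: %d\n",
    $after['algoName'], $before['options']['cost'], $after['options']['cost']);
printf("stored hash length: %d\n", strlen($users['alice']));
```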

Changelog

1.0

Initial release
Files

example.php - Example - Example Usage
ghosthash.class.php - Class - Main Class
license.txt - Lic. - License
manual.txt - Doc. - Documentation

User Comments (1)
keyHash = md5($pepper.
3 years ago (Filip Oscadal)
15%