function _password_generate_salt in Acquia Connector 6.2

Generates a random base 64-encoded salt prefixed with settings for the hash.

Proper use of salts may defeat a number of attacks, including:

The ability to try candidate passwords against multiple hashes at once.
The ability to use pre-hashed lists of candidate passwords.
The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.

Parameters

$count_log2: Integer that determines the number of iterations used in the hashing process. A larger value is more secure, but takes more time to complete.

Return value

A 12 character string containing the iteration count and a random salt.

1 call to _password_generate_salt()

user_hash_password in acquia_agent/password.inc: Hash a password using a secure hash.

File

acquia_agent/password.inc, line 99: Secure password hashing functions for user authentication.

Code

function _password_generate_salt($count_log2) {
  $output = '$S$';

  // Minimum log2 iterations is DRUPAL_MIN_HASH_COUNT.
  $count_log2 = max($count_log2, DRUPAL_MIN_HASH_COUNT);

  // Maximum log2 iterations is DRUPAL_MAX_HASH_COUNT.
  // We encode the final log2 iteration count in base 64.
  $itoa64 = _password_itoa64();
  $output .= $itoa64[min($count_log2, DRUPAL_MAX_HASH_COUNT)];

  // 6 bytes is the standard salt for a portable phpass hash.
  $output .= _password_base64_encode(password_random_bytes(6), 6);
  return $output;
}

You are here

function _password_generate_salt in Acquia Connector 6.2

Parameters

Return value

File

Code

API Navigation