protected function PhpassHashedPassword::generateSalt in Drupal 8
Same name and namespace in other branches
- 9 core/lib/Drupal/Core/Password/PhpassHashedPassword.php \Drupal\Core\Password\PhpassHashedPassword::generateSalt()
Generates a random base 64-encoded salt prefixed with hash settings.
Proper use of salts may defeat a number of attacks, including:
- The ability to try candidate passwords against multiple hashes at once.
- The ability to use pre-hashed lists of candidate passwords.
- The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.
Return value
string A 12 character string containing the iteration count and a random salt.
1 call to PhpassHashedPassword::generateSalt()
- PhpassHashedPassword::hash in core/
lib/ Drupal/ Core/ Password/ PhpassHashedPassword.php - Hash a password using a secure hash.
File
- core/
lib/ Drupal/ Core/ Password/ PhpassHashedPassword.php, line 106
Class
- PhpassHashedPassword
- Secure password hashing functions based on the Portable PHP password hashing framework.
Namespace
Drupal\Core\PasswordCode
protected function generateSalt() {
$output = '$S$';
// We encode the final log2 iteration count in base 64.
$output .= static::$ITOA64[$this->countLog2];
// 6 bytes is the standard salt for a portable phpass hash.
$output .= $this
->base64Encode(random_bytes(6), 6);
return $output;
}