Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:61076
Return-Path: <php@golemon.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 28999 invoked from network); 3 Jul 2012 02:37:15 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 3 Jul 2012 02:37:15 -0000
Authentication-Results: pb1.pair.com smtp.mail=php@golemon.com; spf=softfail; sender-id=softfail
Authentication-Results: pb1.pair.com header.from=php@golemon.com; sender-id=softfail
Received-SPF: softfail (pb1.pair.com: domain golemon.com does not designate 209.85.160.170 as permitted sender)
X-PHP-List-Original-Sender: php@golemon.com
X-Host-Fingerprint: 209.85.160.170 mail-gh0-f170.google.com  
Received: from [209.85.160.170] ([209.85.160.170:47559] helo=mail-gh0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id BA/E9-13131-ADA52FF4 for <internals@lists.php.net>; Mon, 02 Jul 2012 22:37:14 -0400
Received: by ghbg2 with SMTP id g2so5586388ghb.29
        for <internals@lists.php.net>; Mon, 02 Jul 2012 19:37:11 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=mime-version:sender:x-originating-ip:in-reply-to:references:date
         :x-google-sender-auth:message-id:subject:from:to:cc:content-type
         :x-gm-message-state;
        bh=uYwDx0gQ+Tm2+xQiFtEKZ5wxFXvP1cB2BadXRBV9v/Q=;
        b=mRUWBoSfJ+52bhHjtW10DS1ZesljAh2Hj4lNp8nMf7p2fHRZxskFahE9NUxUex4To9
         +RK8Wy1J/oyRob8dk7kj6G9Ztb4yqzXSYVt1o080VG0gJ3iONsq/hYmlUHRXbsc92uhv
         O7LyRkVaoAPUA7eWKDmvZo3YAJzK56omcsB1L6camX6GmCggnVTjAEe5CnOXhUzOsboz
         1QQU5gacZVwNYfIYyVTfJ3L7rrvAaKHwa3spIG2HBJgCdYKxSVC/eaQD5y1c6Yk7aWGO
         rL3KpymOcemD074wF9WVPTJk4T0oDxz4VoYocpmYppLO8b3vhFprVKnVgOP5Iyen56el
         oXKg==
MIME-Version: 1.0
Received: by 10.50.212.98 with SMTP id nj2mr6894919igc.35.1341283030716; Mon,
 02 Jul 2012 19:37:10 -0700 (PDT)
Sender: php@golemon.com
Received: by 10.64.170.71 with HTTP; Mon, 2 Jul 2012 19:37:10 -0700 (PDT)
X-Originating-IP: [67.164.28.199]
In-Reply-To: <CAAyV7nHtHQKPgK221VsCg310tUVX9UurmV6NpT3P9U2UVE-Mqw@mail.gmail.com>
References: <CAAyV7nGNb6A70JFxfWYJs6FCKzUgmqzA86JBXm7Ug47nLZGySg@mail.gmail.com>
	<CAESVnVr1gkB03m5Kuiez=47EKXP7cSoXCcjxjj8zasbcQLpeSg@mail.gmail.com>
	<CAAyV7nHtHQKPgK221VsCg310tUVX9UurmV6NpT3P9U2UVE-Mqw@mail.gmail.com>
Date: Mon, 2 Jul 2012 19:37:10 -0700
X-Google-Sender-Auth: xWYyotNVAtFVphWhm3zk-ZPJUJY
Message-ID: <CAESVnVqN5HysUX9EdRbCvvsTpMUYn-MTXDX5++8AdxH--xz-sA@mail.gmail.com>
To: Anthony Ferrara <ircmaxell@gmail.com>
Cc: internals@lists.php.net
Content-Type: multipart/alternative; boundary=14dae93404f196d29804c3e3ca77
X-Gm-Message-State: ALoCoQnH40fyK56/B337IhrrzrfmUKLoaN62/n8h2w0B9qr0yJJGuU+5aRNj1podCEtu1o5D5aJA
Subject: Re: [PHP-DEV] [VOTE] Hash_pbkdf2
From: pollita@php.net (Sara Golemon)

--14dae93404f196d29804c3e3ca77
Content-Type: text/plain; charset=ISO-8859-1

On Mon, Jul 2, 2012 at 5:49 PM, Anthony Ferrara <ircmaxell@gmail.com> wrote:

> Sara,
>
> On Mon, Jul 2, 2012 at 8:24 PM, Sara Golemon <pollita@php.net> wrote:
> > I'd like to see hash_init() support this mode as well (for completeness).
> >  Perhaps something like the following:
> >
> > $ctx = hash_init("sha512", HASH_PBKDF2, $salt, array('length' => 32,
> > 'iterations' => 5000));
> >
> > The new fourth parameter being an overloadable options generic so that we
> > don't have an endless list of parameters for all the possible hashing
> types.
>
> The only problem that I have with this sort of implementation is that
> the only way it would work is to buffer the entire input (each
> hash_update call), and run it all at the end. That's because the data
> (password) is used in every iteration, so there's no pre-computation
> that can be done. And at that point, what's the benefit to it?
>
> public function pbkdf2($algo, $password, $salt, $iterations, $length) {
>         $size   = getHashBlockSize($hash);
>         $len    = ceil($length / $size);
>         $result = '';
>         for ($i = 1; $i <= $len; $i++) {
>             $tmp = hash_hmac($hash, $salt . pack('N', $i), $password,
> true);
>             $res = $tmp;
>             for ($j = 1; $j < $iterations; $j++) {
>                 $tmp  = hash_hmac($hash, $tmp, $password, true);
>                 $res ^= $tmp;
>             }
>             $result .= $res;
>         }
>         return substr($result, 0, $length);
>     }
>
> Contrast that to a normal hash function (used by the current
> hash_init) which iterates over blocks of input, and once it's done
> with a block, it doesn't need it anymore (which is where using
> something like hash_init/hash_update can make sense on large input).
>
> Additionally, hmac only uses the message in a single hash, so it can
> be streamed in as well (pre-compute the earlier hashes/data, stream
> the intermediate hash, then hash the final one).
>
> So while it could be added (just make hash_update buffer into a
> context, then have hash_final actually run the derivation), I'm not
> sure it makes sense to add it there.
>
> Thoughts?
>
> Anthony
>

Ah, wasn't clear on how pbkdf2 worked.  Your argument makes total sense.
Thanks for explaining it. :)

--14dae93404f196d29804c3e3ca77--