Newsgroups: php.internals
Subject: Re: [PHP-DEV] [VOTE] Hash_pbkdf2
From: ircmaxell@gmail.com (Anthony Ferrara)
Date: Tue, 10 Jul 2012 10:14:16 -0400
To: Sara Golemon
Cc: internals@lists.php.net

Hey all,

The voting phase has ended for hash_pbkdf2, and it has passed with a vote
of 8:0. I've moved the RFC into Accepted state, and will merge the PR
today into master, then move the RFC into Implemented.

Thanks!

Anthony

On Mon, Jul 2, 2012 at 10:37 PM, Sara Golemon wrote:

> On Mon, Jul 2, 2012 at 5:49 PM, Anthony Ferrara wrote:
>
>> Sara,
>>
>> On Mon, Jul 2, 2012 at 8:24 PM, Sara Golemon wrote:
>> > I'd like to see hash_init() support this mode as well (for completeness).
>> > Perhaps something like the following:
>> >
>> > $ctx = hash_init("sha512", HASH_PBKDF2, $salt, array('length' => 32,
>> > 'iterations' => 5000));
>> >
>> > The new fourth parameter being an overloadable options generic so that we
>> > don't have an endless list of parameters for all the possible hashing types.
>>
>> The only problem that I have with this sort of implementation is that
>> the only way it would work is to buffer the entire input (each
>> hash_update call), and run it all at the end. That's because the data
>> (password) is used in every iteration, so there's no pre-computation
>> that can be done. And at that point, what's the benefit to it?
>>
>> function pbkdf2($algo, $password, $salt, $iterations, $length) {
>>     // Output size of the hash in bytes (one PBKDF2 block)
>>     $size = strlen(hash($algo, '', true));
>>     $len = ceil($length / $size);
>>     $result = '';
>>     for ($i = 1; $i <= $len; $i++) {
>>         $tmp = hash_hmac($algo, $salt . pack('N', $i), $password, true);
>>         $res = $tmp;
>>         for ($j = 1; $j < $iterations; $j++) {
>>             // The password keys every round
>>             $tmp = hash_hmac($algo, $tmp, $password, true);
>>             $res ^= $tmp;
>>         }
>>         $result .= $res;
>>     }
>>     return substr($result, 0, $length);
>> }
>>
>> Contrast that to a normal hash function (used by the current
>> hash_init) which iterates over blocks of input, and once it's done
>> with a block, it doesn't need it anymore (which is where using
>> something like hash_init/hash_update can make sense on large input).
>>
>> Additionally, hmac only uses the message in a single hash, so it can
>> be streamed in as well (pre-compute the earlier hashes/data, stream
>> the intermediate hash, then hash the final one).
>>
>> So while it could be added (just make hash_update buffer into a
>> context, then have hash_final actually run the derivation), I'm not
>> sure it makes sense to add it there.
>>
>> Thoughts?
>>
>> Anthony
>>
>
> Ah, wasn't clear on how pbkdf2 worked. Your argument makes total sense.
> Thanks for explaining it. :)
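
The contrast drawn in the quoted reply, as an added example that is not part of the original thread: an HMAC can be fed in chunks through hash_init()/hash_update(), while an incremental PBKDF2 context can only buffer the password and derive at the end. `hmac_streamed` and `Pbkdf2Context` are hypothetical names, the key and chunks are constructed inputs, and the code assumes PHP 8 with hash_pbkdf2() available.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread; names and inputs are constructed.

// HMAC through hash_init(): the message is streamed, and each chunk can be
// dropped after hash_update() because the context keeps only fixed-size state.
function hmac_streamed(string $algo, string $key, iterable $chunks): string
{
    $ctx = hash_init($algo, HASH_HMAC, $key);
    foreach ($chunks as $chunk) {
        hash_update($ctx, $chunk);
    }
    return hash_final($ctx, true);
}

// Hypothetical incremental PBKDF2 context. The password is the HMAC key of
// every round, so update() can only buffer and finish() does all the work.
final class Pbkdf2Context
{
    private string $buffer = '';
    public function __construct(
        private string $algo, private string $salt,
        private int $iterations, private int $length
    ) {}

    public function update(string $chunk): void
    {
        $this->buffer .= $chunk;
    }

    public function finish(): string
    {
        // binary=true: $length counts raw bytes, not hex digits
        return hash_pbkdf2($this->algo, $this->buffer, $this->salt,
            $this->iterations, $this->length, true);
    }
}

$chunks = ['pass', 'word']; // constructed input, fed in two pieces
$mac = hmac_streamed('sha256', 'constructed-key', $chunks);
if (!hash_equals(hash_hmac('sha256', 'password', 'constructed-key', true), $mac)) {
    throw new RuntimeException('streamed HMAC differs from one-shot HMAC');
}
$ctx = new Pbkdf2Context('sha1', 'salt', 2, 20);
foreach ($chunks as $chunk) { $ctx->update($chunk); }
// RFC 6070 vector: P="password", S="salt", c=2, dkLen=20
if (bin2hex($ctx->finish()) !== 'ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957') {
    throw new RuntimeException('buffered PBKDF2 does not match RFC 6070');
}
echo "ok\n";
```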