Implementing password hashing/salting algorithm from crackstation.net

Posted by Mason240 on Stack Overflow See other posts from Stack Overflow or by Mason240
Published on 2012-07-11T02:59:28Z Indexed on 2012/07/11 3:15 UTC
Read the original article Hit count: 299

Filed under:
|
|
|
|

I am trying to implement a password hashing/salting algorithm from crackstation.net, but I am unsure how implement it.

Storing the password upon user registration seems to be as simple as passing the password into create_hash().

$password = create_hash($_POST['Password'];

I'm not following how to validate upon user login. validate_password($password, $good_hash) returns either true or false, and takes $password as parameter, so it seems like a no brainer except for the second parameter $good_hash. Where does this param come from?

It is my understanding that password is turned into a hash value every time its used, and that the hash value is what is stored and compared. So why would I have both the $password and $good_hash values?

Quick overview of the functions:

function create_hash($password){
    calls pbkdf2()
}

function validate_password($password, $good_hash){ 
    calls pbkdf2() 
    calls slow_equals() 
}

function slow_equals($a, $b){
}

function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false){
}

Of course a different, better method for this would also be just as helpful. Thank you

© Stack Overflow or respective owner

Related posts about php

Related posts about security