PHPackages security/pbkdf2 - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. security/pbkdf2 ActiveLibrary[Security](/categories/security) security/pbkdf2 =============== An implementation of PBKDF2 invented by RSA Laboratories. Useful for password strengthening. v0.1.1(13y ago)0803[2 issues](https://github.com/thesmart/php-PBKDF2/issues)[1 PRs](https://github.com/thesmart/php-PBKDF2/pulls)MITPHPPHP >=5.3.0 Since Aug 24Pushed 13y agoCompare [ Source](https://github.com/thesmart/php-PBKDF2)[ Packagist](https://packagist.org/packages/security/pbkdf2)[ Docs](https://github.com/thesmart/php-PBKDF2)[ RSS](/packages/security-pbkdf2/feed)WikiDiscussions master Synced 3d ago READMEChangelogDependenciesVersions (3)Used By (0) php-PBKDF2 ========== [](#php-pbkdf2) An implementation of PBKDF2 invented by RSA Laboratories. Useful for password stretching / strengthening. The [technique](http://en.wikipedia.org/wiki/Key_stretching) is useful for making user passwords and keys much tougher to reverse. This is very valuable for preventing [high profile](http://news.cnet.com/8301-1009_3-57448079-83/millions-of-linkedin-passwords-reportedly-leaked-online/) and [embarrassing](http://www.engadget.com/2011/06/02/sony-pictures-hacked-by-lulz-security-1-000-000-passwords-claim/) releases of user passwords. For more detailed information, please visit the geniuses at RSA Labs: . Usage ----- [](#usage) Usage of this library is very simple. \###Strengthen a new password ``` $pass = $_POST['user_created_password']; $salt = Pbkdf2::generateRandomSalt(); $passHash = Pbkdf2::hash($pass, $salt); unset($pass); // store $passHash and $salt in the database ``` \###Test a password for match ``` // get $passHash and $salt from the database $isMatch = Pbkdf2::isMatch($_POST['user_password'], $passHash, $salt); if ($isMatch) { // grant login attempt } else { // reject login attempt } ``` Additional Security ------------------- [](#additional-security) You can also pass an optional arguments for additional security, with a trade-off of performance. ``` define('CRAZY_LONG_HASH', 'p,gx>vrQ