function _password_generate_salt
_password_generate_salt($count_log2)
Generates a random base 64-encoded salt prefixed with settings for the hash.
Proper use of salts may defeat a number of attacks, including:
- The ability to try candidate passwords against multiple hashes at once.
- The ability to use pre-hashed lists of candidate passwords.
- The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.
Parameters
$count_log2: Integer that determines the number of iterations used in the hashing process. A larger value is more secure, but takes more time to complete.
Return value
A 12 character string containing the iteration count and a random salt.
File
- includes/password.inc, line 99
- Secure password hashing functions for user authentication.
Code
function _password_generate_salt($count_log2) { $output = '$S$'; // Ensure that $count_log2 is within set bounds. $count_log2 = _password_enforce_log2_boundaries($count_log2); // We encode the final log2 iteration count in base 64. $itoa64 = _password_itoa64(); $output .= $itoa64[$count_log2]; // 6 bytes is the standard salt for a portable phpass hash. $output .= _password_base64_encode(drupal_random_bytes(6), 6); return $output; }
© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/includes!password.inc/function/_password_generate_salt/7.x