protected function PhpassHashedPassword::generateSalt
protected PhpassHashedPassword::generateSalt()
Generates a random base 64-encoded salt prefixed with hash settings.
Proper use of salts may defeat a number of attacks, including:
- The ability to try candidate passwords against multiple hashes at once.
- The ability to use pre-hashed lists of candidate passwords.
- The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords.
Return value
string A 12 character string containing the iteration count and a random salt.
File
- core/lib/Drupal/Core/Password/PhpassHashedPassword.php, line 104
Class
- PhpassHashedPassword
- Secure password hashing functions based on the Portable PHP password hashing framework.
Namespace
Drupal\Core\PasswordCode
protected function generateSalt() { $output = '$S$'; // We encode the final log2 iteration count in base 64. $output .= static::$ITOA64[$this->countLog2]; // 6 bytes is the standard salt for a portable phpass hash. $output .= $this->base64Encode(Crypt::randomBytes(6), 6); return $output; }
© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/core!lib!Drupal!Core!Password!PhpassHashedPassword.php/function/PhpassHashedPassword::generateSalt/8.1.x