ILIAS  Release_5_0_x_branch Revision 61816
ilBasePasswordEncoder Class Reference

Data Fields

const MAX_PASSWORD_LENGTH = 4096

Protected Member Functions

 comparePasswords ($known_string, $user_string)
 Compares two passwords.
 isPasswordTooLong ($password)
 Checks if the password is too long.

Additional Inherited Members

- Public Member Functions inherited from ilPasswordEncoder
 encodePassword ($raw, $salt)
 Encodes the raw password.
 isPasswordValid ($encoded, $raw, $salt)
 Checks a raw password against an encoded password.
 getName ()
 Returns a unique name/id of the concrete password encoder.
 requiresSalt ()
 Returns whether or not the encoder requires a salt.

Detailed Description

Definition at line 11 of file class.ilBasePasswordEncoder.php.

Member Function Documentation

ilBasePasswordEncoder::comparePasswords ($known_string, $user_string)
protected

Compares two passwords.

This method implements a constant-time algorithm to compare passwords to avoid (remote) timing attacks. See http://codahale.com/a-lesson-in-timing-attacks/

Parameters
string $known_string The first password
string $user_string The second password
Returns
Boolean true if the two passwords are the same, false otherwise

Definition at line 27 of file class.ilBasePasswordEncoder.php.

References $result.

Referenced by ilMd5PasswordEncoder\isPasswordValid().

{
    // Prevent issues if string length is 0
    $known_string .= chr(0);
    $user_string  .= chr(0);

    $known_string_length = strlen($known_string);
    $user_string_length  = strlen($user_string);

    // Set the result to the difference between the lengths
    $result = $known_string_length - $user_string_length;

    // Note that we ALWAYS iterate over the user-supplied length
    // This is to prevent leaking length information
    for($i = 0; $i < $user_string_length; $i++)
    {
        // Using % here is a trick to prevent notices
        // It's safe, since if the lengths are different
        // $result is already non-0
        $result |= (ord($known_string[$i % $known_string_length]) ^ ord($user_string[$i]));
    }

    // They are only identical strings if $result is exactly 0...
    return 0 === $result;
}


ilBasePasswordEncoder::isPasswordTooLong ($password)
protected

Checks if the password is too long.

Parameters
string $password The password
Returns
bool true if the password is too long, false otherwise

Definition at line 58 of file class.ilBasePasswordEncoder.php.

References MAX_PASSWORD_LENGTH.

Referenced by ilMd5PasswordEncoder\encodePassword(), ilBcryptPasswordEncoder\encodePassword(), ilMd5PasswordEncoder\isPasswordValid(), and ilBcryptPasswordEncoder\isPasswordValid().

{
    return strlen($password) > self::MAX_PASSWORD_LENGTH;
}
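
How a concrete encoder can combine the two helpers documented above: cap the input length before any hashing, then compare the stored and derived values in constant time. This is an added example, not ILIAS code; the class `ExampleDigestEncoder`, its use of PBKDF2, the iteration count and the exception type are assumptions, and PHP's built-in `hash_equals()` stands in for `comparePasswords()`. It assumes PHP 7 or later.

```php
<?php
// Added illustration: stand-alone, does not extend the ILIAS classes.
// ExampleDigestEncoder and its choice of PBKDF2 are hypothetical.
class ExampleDigestEncoder
{
    const MAX_PASSWORD_LENGTH = 4096; // same limit as the constant documented on this page
    const ITERATIONS = 100000;        // assumed work factor for this sketch

    public function getName()
    {
        return 'example_pbkdf2';
    }

    public function requiresSalt()
    {
        return true;
    }

    public function encodePassword($raw, $salt)
    {
        // Refuse oversized input before the expensive derivation runs.
        if (strlen($raw) > self::MAX_PASSWORD_LENGTH) {
            throw new InvalidArgumentException('Password too long');
        }
        return hash_pbkdf2('sha256', $raw, $salt, self::ITERATIONS);
    }

    public function isPasswordValid($encoded, $raw, $salt)
    {
        // Same guard on verification: an over-long candidate can never match
        // a stored value, so reject it without spending CPU on hashing.
        if (strlen($raw) > self::MAX_PASSWORD_LENGTH) {
            return false;
        }
        // Stored value first, user-derived value second, compared in constant time.
        return hash_equals($encoded, $this->encodePassword($raw, $salt));
    }
}

// Constructed sample values.
$encoder = new ExampleDigestEncoder();
$salt    = bin2hex(random_bytes(16));
$stored  = $encoder->encodePassword('correct horse battery staple', $salt);

var_dump($encoder->isPasswordValid($stored, 'correct horse battery staple', $salt));
var_dump($encoder->isPasswordValid($stored, 'wrong guess', $salt));
var_dump($encoder->isPasswordValid($stored, str_repeat('A', 5000), $salt));
```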


Field Documentation

const ilBasePasswordEncoder::MAX_PASSWORD_LENGTH = 4096

Definition at line 16 of file class.ilBasePasswordEncoder.php.

Referenced by isPasswordTooLong().


The documentation for this class was generated from the following file: