ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
ilBasePasswordEncoder Class Reference

Public Member Functions

 isSupportedByRuntime ()
 Returns whether or not the encoder is supported by the runtime (PHP, HHVM, ...). Returns: boolean.
 
 requiresSalt ()
 Returns whether or not the encoder requires a salt. Returns: boolean.
 
 requiresReencoding ($encoded)
 Returns whether or not an encoded password needs to be re-encoded. Parameters: $encoded (string). Returns: boolean.
 
Public Member Functions inherited from ilPasswordEncoder

 encodePassword ($raw, $salt)
 Encodes the raw password.
 
 isPasswordValid ($encoded, $raw, $salt)
 Checks a raw password against an encoded password.
 
 getName ()
 Returns a unique name/id of the concrete password encoder.
 

Data Fields

const MAX_PASSWORD_LENGTH = 4096
 

Protected Member Functions

 comparePasswords ($known_string, $user_string)
 Compares two passwords.
 
 isPasswordTooLong ($password)
 Checks if the password is too long.
 

Detailed Description

Definition at line 11 of file class.ilBasePasswordEncoder.php.

Member Function Documentation

◆ comparePasswords()

ilBasePasswordEncoder::comparePasswords ($known_string, $user_string)
protected

Compares two passwords.

This method implements a constant-time algorithm to compare passwords to avoid (remote) timing attacks. http://codahale.com/a-lesson-in-timing-attacks/

Parameters
    string $known_string  The first password
    string $user_string   The second password
Returns
    Boolean true if the two passwords are the same, false otherwise

Definition at line 27 of file class.ilBasePasswordEncoder.php.

References $i, and $result.

Referenced by ilMd5PasswordEncoder\isPasswordValid().

    {
        // Prevent issues if string length is 0
        $known_string .= chr(0);
        $user_string .= chr(0);

        $known_string_length = strlen($known_string);
        $user_string_length = strlen($user_string);

        // Set the result to the difference between the lengths
        $result = $known_string_length - $user_string_length;

        // Note that we ALWAYS iterate over the user-supplied length
        // This is to prevent leaking length information
        for ($i = 0; $i < $user_string_length; $i++) {
            // Using % here is a trick to prevent notices
            // It's safe, since if the lengths are different
            // $result is already non-0
            $result |= (ord($known_string[$i % $known_string_length]) ^ ord($user_string[$i]));
        }

        // They are only identical strings if $result is exactly 0...
        return 0 === $result;
    }
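
The edge cases that the comments in the listing refer to (empty strings, unequal lengths, the % wrap-around), cross-checked against PHP's built-in hash_equals() (PHP 5.6 and later). This is an added example, not ILIAS code: loop_compare() is a free-function copy of the listing so that it runs outside the class, check_cases() is a hypothetical helper, and all inputs are constructed.

```php
<?php
// Added example, not part of ILIAS. loop_compare() and check_cases() are
// hypothetical names; loop_compare() copies the loop from the listing above.
function loop_compare($known, $user)
{
    $known .= chr(0); // length is now >= 1, so "% $known_len" cannot divide by zero
    $user  .= chr(0);
    $known_len = strlen($known);
    $user_len  = strlen($user);
    $result = $known_len - $user_len; // non-zero whenever the lengths differ
    for ($i = 0; $i < $user_len; $i++) { // trip count depends only on the user input
        $result |= ord($known[$i % $known_len]) ^ ord($user[$i]);
    }
    return 0 === $result;
}

// Returns the names of the cases where loop_compare() or hash_equals()
// disagrees with the expected outcome. hash_equals() is constant-time in the
// content, but returns immediately when the two lengths differ.
function check_cases(array $cases)
{
    $failed = array();
    foreach ($cases as $name => $case) {
        list($known, $user, $expected) = $case;
        if (loop_compare($known, $user) !== $expected
            || hash_equals($known, $user) !== $expected) {
            $failed[] = $name;
        }
    }
    return $failed;
}

// Constructed inputs: array(known string, user string, expected result).
$cases = array(
    'equal digests'      => array('5f4dcc3b5aa765d6', '5f4dcc3b5aa765d6', true),
    'both empty'         => array('', '', true),
    'known empty'        => array('', 'a', false),
    'user empty'         => array('a', '', false),
    'user repeats known' => array('ab', 'abab', false), // % wraps, length term rejects
    'user is a prefix'   => array('abcd', 'ab', false),
    'last byte differs'  => array('abcd', 'abce', false),
    'trailing NUL byte'  => array('abc', "abc\0", false), // appended chr(0) adds no collision
);

$failed = check_cases($cases);
echo $failed ? 'FAILED: ' . implode(', ', $failed) . PHP_EOL : 'all cases agree' . PHP_EOL;
```

Because `|=` only ever sets bits, a non-zero length difference stored in $result cannot be cleared by later iterations, which is why the wrapped index is safe.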

◆ isPasswordTooLong()

ilBasePasswordEncoder::isPasswordTooLong ($password)
protected

Checks if the password is too long.

Parameters
    string $password  The password
Returns
    bool true if the password is too long, false otherwise

Definition at line 57 of file class.ilBasePasswordEncoder.php.

References $password.

Referenced by ilMd5PasswordEncoder\encodePassword(), ilBcryptPhpPasswordEncoder\encodePassword(), ilBcryptPasswordEncoder\encodePassword(), ilMd5PasswordEncoder\isPasswordValid(), and ilBcryptPasswordEncoder\isPasswordValid().

    {
        return strlen($password) > self::MAX_PASSWORD_LENGTH;
    }

◆ isSupportedByRuntime()

ilBasePasswordEncoder::isSupportedByRuntime ( )

Returns whether or not the encoder is supported by the runtime (PHP, HHVM, ...).

Returns
    boolean

Implements ilPasswordEncoder.

Definition at line 65 of file class.ilBasePasswordEncoder.php.

    {
        return true;
    }

◆ requiresReencoding()

ilBasePasswordEncoder::requiresReencoding ($encoded)

Returns whether or not an encoded password needs to be re-encoded.

Parameters
    string $encoded
Returns
    boolean

Implements ilPasswordEncoder.

Definition at line 81 of file class.ilBasePasswordEncoder.php.

Referenced by ilMd5PasswordEncoderTest\testEncoderDoesNotSupportReencoding().

    {
        return false;
    }

◆ requiresSalt()

ilBasePasswordEncoder::requiresSalt ( )

Returns whether or not the encoder requires a salt.

Returns
    boolean

Implements ilPasswordEncoder.

Definition at line 73 of file class.ilBasePasswordEncoder.php.

Referenced by ilMd5PasswordEncoderTest\testEncoderDoesNotRelyOnSalts(), and ilBcryptPhpPasswordEncoderTest\testEncoderDoesNotRelyOnSalts().

    {
        return false;
    }

Field Documentation

◆ MAX_PASSWORD_LENGTH

const ilBasePasswordEncoder::MAX_PASSWORD_LENGTH = 4096

Definition at line 16 of file class.ilBasePasswordEncoder.php.


The documentation for this class was generated from the following file: