search

DomBlack / php-scrypt

A PHP wrapper fo the scrypt hashing algorithm
Other
209 stars 57 forks source link

Replacement in Sodium? #61

Closed patrick-radius closed 2 years ago

patrick-radius commented 2 years ago

Since this extension doesn't seem to be updated anymore (and doesn't have php 8/8.1 support) i was wondering if there is a replacement within the Sodium extension.

i'm trying to use the sodium_crypto_pwhash_scryptsalsa208sha256 function but i'm unsure how to convert the scrypt parameters to this sodium implementation so that the hashes remain backwards compatible.

kocsismate commented 2 years ago

I managed to figure out how to parameterize sodium_crypto_pwhash_scryptsalsa208sha256() to give the same result what scrypt() returns:

var_dump(
    base64_encode(sodium_crypto_pwhash_scryptsalsa208sha256(
        64,
        "hello",
        "saltsaltsaltsaltsaltsaltsaltsalt",
        SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE
    ))
);

var_dump(
    base64_encode(hex2bin(scrypt(
        "hello",
        "saltsaltsaltsaltsaltsaltsaltsalt",
        2**14,
        8,
        1,
        64
    )))
);

Output:

string(88) "Nfy5yTn+bWX0/nNqiBbLmuM4DBKtbFnDCFp4pq9rIz7i9LqTblkvYNUPPNx0iZIz4eP2X6p+VwhVdN8fsQvtJQ=="
string(88) "Nfy5yTn+bWX0/nNqiBbLmuM4DBKtbFnDCFp4pq9rIz7i9LqTblkvYNUPPNx0iZIz4eP2X6p+VwhVdN8fsQvtJQ=="