PBKDF2Hash

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author tbenyon

    (@tbenyon)

    Hi @ygleby,

    I don’t believe it currently does. I’m not familiar with this one.

    If you can give me some example PHP to show me how to verify your hash I may be able to integrate it into the plugin.

    How is the salt stored for your passwords?

    Thanks,

    Tom

    Rfc2898DeriveBytes implementation of PBKDF2. I think it’s based on HMACSHA1

    Thread Starter ygleby

    (@ygleby)

    Hi @tbenyon
    I use “at_least_16_byte” salt for my passwords.

    Plugin Author tbenyon

    (@tbenyon)

    Hey @ygleby,

    Thanks for contributing @delaycloud111. ??

    @ygleby, could you please create a new user with the password ‘password1’ so that I can experiment and test to make sure the method I use to validate a password works with an examaple hash you have generated.

    Thanks,

    Tom

    Thread Starter ygleby

    (@ygleby)

    Hey @tbenyon !
    Create this account on my wordpress site?

    +1 need this to..

    function pbkdf2(string $username, string $password, string $passwordSalt)
{   
    $iterations = 10000;
    $length = 40;
    $salt = $passwordSalt . $username;
        
    $hash = hash_pbkdf2("sha1", $password, $salt, $iterations, $length);
    $hash = \strtoupper($hash);
    return $hash;
}

    @tbenyon

    • This reply was modified 5 years, 3 months ago by underdigital.
    Plugin Author tbenyon

    (@tbenyon)

    Hi All,

    Sincere apologies for taking so long to reply. Life’s been busy.

    Thank you for the code @underdigital. The integration mentioned above is quite custom for each user.

    Things that change for each user are:

      how salt is handled (in your case salt is added to the beginning of the password)
      the amount of iterations

      length

    To make this reusable I am going to add functionality to allow something like the custom function to be called from a plugin hook.

    I am midway through developing this code already.

    You as the user would need to add code similar to this to your functions.php file.

    function myExlogHashAuthenticator($password, $hashFromDatabase, $username) {
    $iterations = 10000;
    $length = 40;
    $salt = $passwordSalt . $username;
        
    $hash = hash_pbkdf2("sha1", $password, $salt, $iterations, $length);
    $hash = \strtoupper($hash);
    return $hash == $hashFromDatabase;
}
add_filter('exlog_hook_filter_authenticate_hash', 'myExlogHashAuthenticator', 10, 2);

    Let me know if any of you have any hesitations about this but my plan is to get this out as the next release.

    Tom

    Plugin Author tbenyon

    (@tbenyon)

    Hey All,

    Just letting you know that this feature is now complete and released in V1.8.4.

    You can see some basic documentation here.

    I will close this ticket for now, however if you have any questions or issues please get back in contact here ??

    Thanks,

    Tom

    underdigital

    (@underdigital)

    @tbenyon Good! You are awsome, sorry for the late response!

    Still getting an error on it, (no php dev :-P)

    Fatal error: Uncaught ArgumentCountError: Too few arguments to function myExlogHashAuthenticator(), 2 passed in D:\World of Eldritch\World of Eldritch Website\root\demo\wp-includes\class-wp-hook.php on line 290 and exactly 3 expected in D:\World of Eldritch\World of Eldritch Website\root\demo\wp-content\themes\twentytwenty\functions.php:686 Stack trace: #0 D:\World of Eldritch\World of Eldritch Website\root\demo\wp-includes\class-wp-hook.php(290)

    Can’t get arround this one? I only passe this
    myExlogHashAuthenticator($password, $hashFromDatabase, $username)

    underdigital

    (@underdigital)

    @tbenyon
    My bad…
    Seems like i had to change the 2 to a 3
    add_filter('exlog_hook_filter_authenticate_hash', 'myExlogHashAuthenticator', 10, 2);

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘PBKDF2Hash’ is closed to new replies.