<?php class SafeBcryptWrapperPoC { private $staticKey; private $cost = 12; public function __construct( #[\SensitiveParameter] string $staticKey, int $cost = 12 ) { $this->staticKey = $staticKey; $this->cost = $cost; } /** * Generate password hashes here */ public function hash( #[\SensitiveParameter] string $password ): string { return \password_hash( $this->prehash($password), PASSWORD_BCRYPT, ['cost' => $this->cost] ); } /** * Verify password here */ public function verify( #[\SensitiveParameter] string $password, #[\SensitiveParameter] string $hash ): bool { return \password_verify( $this->prehash($password), $hash ); } /** * Pre-hashing with HMAC-SHA-512 here * * Note that this demo doesn't use libsodium, due to 3v4l limitations */ private function prehash( #[\SensitiveParameter] string $password ): string { return \base64_encode( \hash_hmac('sha512', $password, $this->staticKey, true) ); } } $staticKey = random_bytes(32); $hasher = new SafeBcryptWrapperPoC($staticKey); $example1 = str_repeat('A', 72); $example2 = $example1 . 'B'; $hash1 = password_hash($example1, PASSWORD_BCRYPT); $hash2 = $hasher->hash($example1); var_dump(password_verify($example2, $hash1)); var_dump($hasher->verify($example2, $hash2));
You have javascript disabled. You will not be able to edit any code.