final class \SmartHashCrypto
{ } ::

Class: SmartHashCrypto - provide various hashes for a string: salted password, sha512, sha384, sha256, sha1, md5.
Hints:
- hashing passwords: is better to prepend the secret, the input is unknown to attackers so these kind of hashes are safe against length attacks ; they have to be protected against colissions ... where more different inputs can generate the same hash !
- hashing checksum: they MUST append the secret to the text to real protect against length attacks where both the input and the hash are public # https://en.wikipedia.org/wiki/Length_extension_attack

Language: PHP
Located at: lib/framework/lib_cryptohs.php
Package: @Core:Crypto
Namespace: \
Class Name: SmartHashCrypto
Version: v.20231204
Depends: PHP hash_algos() / hash() ; classes: Smart, SmartEnvironment ; constants: SMART_FRAMEWORK_SECURITY_KEY, SMART_SOFTWARE_NAMESPACE
Usage: static object: Class::method() - This class provides only STATIC methods

class Methods

public static function checksum ( string $str, string $custom_salt = null ) {} :: STRING

@return: {STRING} The checksum hash as B62 using the final hex SHA3-384 over extremely complex derivations of the string/salt combination ; ~ 65 bytes length
@param: {STRING} $str: The data to be hashed
@param: {STRING} $custom_salt: A custom salt (will be trimmed from whitespaces) ; This is optional ; if not provided will use an internal salt derived from SMART_FRAMEWORK_SECURITY_KEY

Create a safe checksum of data
It will append the salt to the end of data to avoid the length extension attack # https://en.wikipedia.org/wiki/Length_extension_attack
Protected by SHA3-384 that has 128-bit resistance against the length extension attacks since the attacker needs to guess the 128-bit to perform the attack, due to the truncation
Now includes also a Poly1305 custom derivation ... adds 10x more resistence against length extension attacks ; increases exponential chances for rainbow attacks

public static function password ( string $plainpass, string $salt ) {} :: STRING

@return: {STRING} The password hash: a 128 bytes (Base92+) derived using PBKDF2 (the most secure key derivation algorithm), hashed using SHA3-512 (safe against collisions) and SHA3-384 (safe against length attacks)
@param: {STRING} $plainpass: The plain password ; min 7 ; max 55
@param: {STRING} $salt: The salt ; min 3 ; max 4096 ; this salt will be derived using an internal algorithm to provide a much safe salt even if this is leaved empty ; recommended is to provide here a salt value ...

Creates a password one-way hash, using a salted and strong PBKDF2 derivation with two hashing algorithms: SHA3-512 (anti collisions) and SHA2-384 (anti length attack)
This is safe also against rainbow attacks, and more, does not uses HEX but Base92+ which provides extra layer of security by using 92+1 alpha characters not only 16 as Hex ...
VERSION 3

public static function checkpassword ( string $plainpass, string $passhash, string $salt ) {} :: BOOL

@return: {BOOL} Will return TRUE if password match or FALSE if not
@param: {STRING} $plainpass: The plain password
@param: {STRING} $passhash: The password hash to be checked
@param: {STRING} $salt: The salt (default is empty) ; this salt will be composed using an internal algorithm to provide a much safe salt even if this is leaved empty ; recommended is to provide here a salt value ...

Check (verify) a plain text password hashed with SmartHashCrypto::password() matches the salted hash
It must use the same salt as it was used when password was hashed, otherwise will not be validated

public static function sh3a512 ( string $str, bool $b64 = false ) {} :: STRING

@return: {STRING} The hash: 128 chars length (hex) or 88 chars length (b64) ; 4*ceil(64Chars/3)=87..88
@param: {STRING} $str: String to be hashed
@param: {BOOLEAN} $b64: If set to TRUE will use Base64 Encoding instead of Hex Encoding

Returns the SHA3-512 hash of a string
Length Extension Attack Resistance: 1024 bits (128 bytes)
Collision Attack Resistance: 256 bits ( 32 bytes)

public static function sha512 ( string $str, bool $b64 = false ) {} :: STRING

Returns the SHA512 (SHA2-512) hash of a string
Length Extension Attack Resistance: 0 bits ( 0 bytes) ; This algo has ZERO resistance, do not use it for checksums that may be modified together with the content !
Collision Attack Resistance: 256 bits (32 bytes)

public static function sh3a384 ( string $str, bool $b64 = false ) {} :: STRING

@return: {STRING} The hash: 96 chars length (hex) or 64 chars length (b64)
@param: {STRING} $str: String to be hashed
@param: {BOOLEAN} $b64: If set to TRUE will use Base64 Encoding instead of Hex Encoding

Returns the SHA3-384 hash of a string
Length Extension Attack Resistance: 768 bits (96 bytes)
Collision Attack Resistance: 192 bits (24 bytes)

public static function sha384 ( string $str, bool $b64 = false ) {} :: STRING

Returns the SHA384 (SHA2-384) hash of a string
It is roughly 50% faster than SHA256 (SHA2-256) on 64-bit machines
It also has resistances to length extension attack (due to truncation) ; notice that by example SHA2-512 or SHA2-256 does not have this resistance !
Length Extension Attack Resistance: 128 bits (16 bytes)
Collision Attack Resistance: 192 bits (24 bytes)

public static function sh3a256 ( string $str, bool $b64 = false ) {} :: STRING

@return: {STRING} The hash: 64 chars length (hex) or 44 chars length (b64)
@param: {STRING} $str: String to be hashed
@param: {BOOLEAN} $b64: If set to TRUE will use Base64 Encoding instead of Hex Encoding

Returns the SHA3-256 hash of a string
Length Extension Attack Resistance: 512 bits (64 bytes)
Collision Attack Resistance: 128 bits (16 bytes)

public static function sha256 ( string $str, bool $b64 = false ) {} :: STRING

Returns the SHA256 (SHA2-256) hash of a string
Length Extension Attack Resistance: 0 bits ( 0 bytes) ; This algo has ZERO resistance, do not use it for checksums that may be modified together with the content !
Collision Attack Resistance: 128 bits (16 bytes)

public static function sh3a224 ( string $str, bool $b64 = false ) {} :: STRING

@return: {STRING} The hash: 56 chars length (hex) or 40 chars length (b64)
@param: {STRING} $str: String to be hashed
@param: {BOOLEAN} $b64: If set to TRUE will use Base64 Encoding instead of Hex Encoding

Returns the SHA3-224 hash of a string
Length Extension Attack Resistance: 448 bits (56 bytes)
Collision Attack Resistance: 112 bits (14 bytes)

public static function sha224 ( string $str, bool $b64 = false ) {} :: STRING

Returns the SHA224 (SHA2-224) hash of a string
Length Extension Attack Resistance: 0 bits ( 0 bytes) ; This algo has ZERO resistance, do not use it for checksums that may be modified together with the content !
Collision Attack Resistance: 128 bits (16 bytes)

public static function sha1 ( string $str, bool $b64 = false ) {} :: STRING

@return: {STRING} The hash: 40 chars length (hex) or 28 chars length (b64)
@param: {STRING} $str: String to be hashed
@param: {BOOLEAN} $b64: If set to TRUE will use Base64 Encoding instead of Hex Encoding

Returns the SHA1 (SHA-1) hash of a string

public static function md5 ( string $str, bool $b64 = false ) {} :: STRING

@return: {STRING} The hash: 32 chars length (hex) or 24 chars length (b64)
@param: {STRING} $str: String to be hashed
@param: {BOOLEAN} $b64: If set to TRUE will use Base64 Encoding instead of Hex Encoding

Returns the MD5 hash of a string

public static function hmac ( string $algo, string $key, string $str, bool $b64 = false ) {} :: STRING

@return: {STRING} The Hmac Hash of the string, salted by key (Hex or B64) ; length vary depending on the algorithm
@param: {ENUM} $algo: The hashing algo: md5, sha1, sha224, sha256, sha384, sha512, sha3-224, sha3-256, sha3-384, sha3-512
@param: {STRING} $key: The secret key
@param: {STRING} $str: The public message to be hashed
@param: {BOOLEAN} $b64: If set to TRUE will use Base64 Encoding instead of Hex Encoding

Returns the HMAC hash of a string with support for various algorithms

public static function crc32b ( string $str, bool $b36 = false ) {} :: STRING

@return: {STRING} The hash: 8 chars length (hex, max is FFFFFFFF) or 7 chars length (b36, max is 1Z141Z3, based on max hex)
@param: {STRING} $str: The data
@param: {BOOLEAN} $b36: If set to TRUE will use Base36 Encoding (0-9,A-Z) instead of default Hex (Base16) Encoding

Returns the CRC32B polynomial sum of a string ; can use base16/hex (default) or base36 optional
CRC32B is better than CRC32, being portable between 32-bit and 64-bit platforms, is unsigned

public static function poly1305 ( string $key, string $str, bool $b64 = false ) {} :: STRING

@return: {STRING} The Poly1305 hash sum: 32 bytes length (hex) or 16 bytes (raw binary crypto data)
@param: {STRING} $key: The secret key
@param: {STRING} $str: The public message to be hashed
@param: {BOOLEAN} $b64: If set to TRUE will use Base64 Encoding instead of Hex Encoding

Returns the Poly1305 hash (polynomial 1305 sum) of a string, derived from the given secret key when the object was constructed

class Properties

class Constants

public const PASSWORD_PLAIN_MIN_LENGTH = 7 ; ::

public const PASSWORD_PLAIN_MAX_LENGTH = 55 ; ::

public const PASSWORD_HASH_LENGTH = 128 ; ::

public const PASSWORD_PREFIX_VERSION = "$fPv3.7!" ; ::

public const DERIVE_MIN_KLEN = 3 ; ::

public const DERIVE_MAX_KLEN = 4096 ; ::

public const DERIVE_PREKEY_LEN = 80 ; ::

public const DERIVE_CENTITER_EK = 87 ; ::

public const DERIVE_CENTITER_EV = 78 ; ::

public const DERIVE_CENTITER_PW = 77 ; ::

public const SALT_PREFIX = "Smart Framework" ; ::

public const SALT_SEPARATOR = "#" ; ::

public const SALT_SUFFIX = "スマートフレームワーク" ; ::

Sample code: PHP

<?php

// Usage example:
 SmartHashCrypto::some_method_of_this_class(...);

// #end php code

documentation generated on: 2024-12-16 17:13:19 +0000

final class \SmartHashCrypto { } ::

class Methods

class Properties

class Constants

Sample code: PHP

final class \SmartHashCrypto
{ } ::