sodium_crypto_pwhash_scryptsalsa208sha256
Derives a key from a password, using scrypt
Description
string sodium_crypto_pwhash_scryptsalsa208sha256(
int $length
,
#[\SensitiveParameter]string $password
,
string $salt
,
int $opslimit
,
int $memlimit
)
A common reason to use this particular function is to derive the seeds for cryptographic keys from a password and salt,
and then use these seeds to generate the actual keys needed for some purpose (e.g. sodium_crypto_sign_detached).
Parameters
-
length
-
The length of the password hash to generate, in bytes.
-
password
-
The password to generate a hash for.
-
salt
-
A salt to add to the password before hashing. The salt should be unpredictable, ideally generated from a good random number source such as random_bytes, and have a length of at least SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES
bytes.
-
opslimit
-
Represents a maximum amount of computations to perform. Raising this number will make the function require more CPU cycles to compute a key. There are some constants available to set the operations limit to appropriate values depending on intended use, in order of strength: SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_INTERACTIVE
and SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_OPSLIMIT_SENSITIVE
.
-
memlimit
-
The maximum amount of RAM that the function will use, in bytes. There are constants to help you choose an appropriate value, in order of size: SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_INTERACTIVE
and SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_MEMLIMIT_SENSITIVE
. Typically these should be paired with the matching opslimit
values.
Return Values
A string of bytes of the desired length.