This class can create and validate password hashes.
It can take a password string and create a hash to be able to verify it later without storing the original password text.
It uses only strong algorithms such as Blowfish, SHA-256 and SHA-512, and generates salts with strong entropy using openssl_random_pseudo_bytes or mcrypt_create_iv.
It also implements the standard used by the Mozilla security team: the password is first hashed using HMAC, and that hash is then used as the input to the actual hashing sequence.
The class can also verify if a previously generated hash matches a given password.
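The HMAC-then-hash sequence described above, as an added sketch that is not the class's own code. It assumes PHP 7 or later and uses the built-in password_hash() with bcrypt (Blowfish) in place of the class's salt handling; the function names peppered, createHash and verifyHash and the sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Step 1: keyed pre-hash. The HMAC key lives outside the database, so a
// dump of the hash table alone is not enough to start guessing passwords.
function peppered(string $password, string $hmacKey): string
{
    // Raw HMAC output can contain NUL bytes, which bcrypt treats as the end
    // of its input, so the digest is base64-encoded first. bcrypt reads only
    // the first 72 bytes: 72 base64 characters carry 432 bits of the digest.
    return base64_encode(hash_hmac('sha512', $password, $hmacKey, true));
}

// Step 2: the actual hashing sequence. password_hash() draws its own random
// salt, so no direct call to openssl_random_pseudo_bytes or mcrypt_create_iv
// is needed (the mcrypt extension was removed from PHP core in 7.2).
function createHash(string $password, string $hmacKey, int $cost = 12): string
{
    return password_hash(peppered($password, $hmacKey), PASSWORD_BCRYPT, ['cost' => $cost]);
}

// Verification repeats step 1 with the same key, then lets password_verify()
// re-run bcrypt with the salt and cost embedded in the stored string and
// compare the results in constant time.
function verifyHash(string $password, string $hmacKey, string $stored): bool
{
    return password_verify(peppered($password, $hmacKey), $stored);
}

// Constructed sample data. A real deployment loads the key from
// configuration kept apart from the password table.
$hmacKey = random_bytes(32);
$stored  = createHash('correct horse battery staple', $hmacKey);

// Same password and key.
var_dump(verifyHash('correct horse battery staple', $hmacKey, $stored));
// Wrong password.
var_dump(verifyHash('Tr0ub4dor&3', $hmacKey, $stored));
// Right password, different HMAC key: a lost or rotated key invalidates
// every stored hash, so the key must be backed up and versioned.
var_dump(verifyHash('correct horse battery staple', random_bytes(32), $stored));
// Stored hashes can be upgraded at next login when the cost is raised.
var_dump(password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => 13]));
```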